Mitsubishi Electric Multiple Factory Automation Products (Update B)
Act NowCVSS 9.8ICS-CERT ICSA-22-221-01Aug 30, 2022
Mitsubishi ElectricEnergyManufacturing
Attack path
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary
Mitsubishi Electric factory automation products contain code execution and denial-of-service vulnerabilities. Affected products: CC-Link IE TSN Industrial Managed Switch (firmware versions ≤03), GOT2000 compatible HMI software (Version 1.275M), and MELSEC iQ-R Series OPC UA Server Module (firmware versions ≤08). Exploitation requires only network access and no credentials. Successful attacks could enable arbitrary code execution or crash services, disrupting production operations and data exchange between control devices.
What this means
What could happen
An attacker could execute arbitrary code or trigger denial-of-service on critical factory automation devices, disrupting manufacturing processes, data collection from PLCs, or network connectivity across production equipment.
Who's at risk
Manufacturing and energy sector operators using Mitsubishi Electric factory automation equipment should assess their use of: CC-Link IE TSN managed switches (network backbone for production lines), GOT2000 HMI software (operator dashboards and process monitoring), and MELSEC iQ-R OPC UA servers (real-time data collection from PLCs and field devices). Any of these components can be critical to production scheduling and safety system visibility.
How it could be exploited
An unauthenticated attacker with network access to any of the affected devices (HMI software, managed switch, or OPC UA server) can send specially crafted packets to trigger code execution or crash the service. No credentials or user interaction are required.
Prerequisites
- Network access to the affected Mitsubishi Electric device (port varies by product: web interface for switch, network connectivity for HMI and OPC UA server)
- No credentials required for exploitation
remotely exploitableno authentication requiredlow complexityhigh EPSS score (41.2%)affects automation/control systemsMELSEC iQ-R lacks patch availability
Exploitability
Likely to be exploited — EPSS score 37.8%
Public Proof-of-Concept (PoC) on GitHub (10 repositories)
Affected products (3)
1 with fix1 pending1 EOL
ProductAffected VersionsFix Status
CC-Link IE TSN Industrial Managed Switch (NZ2MHG-TSNT8F2 NZ2MHG-TSNT4):≤ 03No fix yet
MELSEC iQ-R Series OPC UA Server Module (RD81OPC96):≤ 08No fix (EOL)
GOT2000 compatible HMI software (GT SoftGOT2000):1.275M1.280S+
Remediation & Mitigation
0/8
Do now
0/3WORKAROUNDFor MELSEC iQ-R OPC UA Server Module: Update OPC UA Client to the latest version and ensure legitimate certificates are in use
HARDENINGChange default username and password on CC-Link IE TSN switch via [Account Management] and set proper access permissions for different users
HARDENINGRestrict network access to affected devices using firewall rules; keep devices within LAN and block untrusted networks
Schedule — requires maintenance window
0/2Patching may require device reboot — plan for process interruption
GOT2000 compatible HMI software (GT SoftGOT2000):
HOTFIXUpdate GOT2000 compatible HMI software (GT SoftGOT2000) to Version 1.280S or later
All products
HOTFIXUpdate CC-Link IE TSN Industrial Managed Switch firmware to Version 04 or later via web interface [System] → [System Management] → [Firmware Upgrade]
Mitigations - no patch available
0/3MELSEC iQ-R Series OPC UA Server Module (RD81OPC96): has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENINGUse VPN for any required internet access to affected devices
HARDENINGInstall antivirus software on all computers running GOT2000 compatible HMI software
HARDENINGRestrict physical access to computers running GOT2000 compatible HMI software
CVEs (2)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/de945c92-2da3-4d52-9eef-ae53bce32bebGet OT security insights every Tuesday
Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.