Mitsubishi Electric Multiple Factory Automation Products (Update B)

Act Now9.8ICS-CERT ICSA-22-221-01Aug 30, 2022

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Mitsubishi Electric factory automation products contain code execution and denial-of-service vulnerabilities. Affected products: CC-Link IE TSN Industrial Managed Switch (firmware versions ≤03), GOT2000 compatible HMI software (Version 1.275M), and MELSEC iQ-R Series OPC UA Server Module (firmware versions ≤08). Exploitation requires only network access and no credentials. Successful attacks could enable arbitrary code execution or crash services, disrupting production operations and data exchange between control devices.

What this means

What could happen

An attacker could execute arbitrary code or trigger denial-of-service on critical factory automation devices, disrupting manufacturing processes, data collection from PLCs, or network connectivity across production equipment.

Who's at risk

Manufacturing and energy sector operators using Mitsubishi Electric factory automation equipment should assess their use of: CC-Link IE TSN managed switches (network backbone for production lines), GOT2000 HMI software (operator dashboards and process monitoring), and MELSEC iQ-R OPC UA servers (real-time data collection from PLCs and field devices). Any of these components can be critical to production scheduling and safety system visibility.

How it could be exploited

An unauthenticated attacker with network access to any of the affected devices (HMI software, managed switch, or OPC UA server) can send specially crafted packets to trigger code execution or crash the service. No credentials or user interaction are required.

Prerequisites

Network access to the affected Mitsubishi Electric device (port varies by product: web interface for switch, network connectivity for HMI and OPC UA server)
No credentials required for exploitation

remotely exploitableno authentication requiredlow complexityhigh EPSS score (41.2%)affects automation/control systemsMELSEC iQ-R lacks patch availability

Exploitability

High exploit probability (EPSS 41.2%)

Affected products (3)

1 with fix1 pending1 EOL

ProductAffected VersionsFix Status

CC-Link IE TSN Industrial Managed Switch (NZ2MHG-TSNT8F2 NZ2MHG-TSNT4):≤ 03No fix yet

MELSEC iQ-R Series OPC UA Server Module (RD81OPC96):≤ 08No fix (EOL)

GOT2000 compatible HMI software (GT SoftGOT2000):1.275M1.280S or later

Remediation & Mitigation

0/8

Do now

0/3

WORKAROUNDFor MELSEC iQ-R OPC UA Server Module: Update OPC UA Client to the latest version and ensure legitimate certificates are in use

HARDENINGChange default username and password on CC-Link IE TSN switch via [Account Management] and set proper access permissions for different users

HARDENINGRestrict network access to affected devices using firewall rules; keep devices within LAN and block untrusted networks

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

GOT2000 compatible HMI software (GT SoftGOT2000):

HOTFIXUpdate GOT2000 compatible HMI software (GT SoftGOT2000) to Version 1.280S or later

All products

HOTFIXUpdate CC-Link IE TSN Industrial Managed Switch firmware to Version 04 or later via web interface [System] → [System Management] → [Firmware Upgrade]

Mitigations - no patch available

0/3

MELSEC iQ-R Series OPC UA Server Module (RD81OPC96): has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:

HARDENINGUse VPN for any required internet access to affected devices

HARDENINGInstall antivirus software on all computers running GOT2000 compatible HMI software

HARDENINGRestrict physical access to computers running GOT2000 compatible HMI software

CVEs (2)

CVE-2022-0778 CVE-2022-1292

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/de945c92-2da3-4d52-9eef-ae53bce32beb