Mitsubishi Electric GT SoftGOT2000
Act Now | 9.8 | ICS-CERT ICSA-22-319-01 | Nov 15, 2022
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
GT SoftGOT2000 versions 1.275M through 1.280S contain an OS command injection vulnerability (CWE-78) that allows remote execution of arbitrary commands. This affects the HMI/SCADA visualization software used to monitor and control industrial processes in energy facilities. The vulnerability requires no authentication and can be triggered remotely with low complexity.
What this means
What could happen
An attacker could remotely execute arbitrary operating system commands on the engineering workstation running GT SoftGOT2000, potentially allowing them to alter process setpoints, display false readings, or disrupt monitoring and control of critical energy infrastructure.
Who's at risk
Energy sector organizations using Mitsubishi Electric GT SoftGOT2000 HMI/SCADA software for power generation, distribution, or other critical process monitoring and control. This primarily affects engineering workstations and operator stations used to visualize and manage industrial control systems in electric utilities and power plants.
How it could be exploited
An attacker with network access to a GT SoftGOT2000 instance can send a specially crafted request to inject OS commands without authentication. The vulnerability is remotely exploitable and requires low complexity, meaning an attacker can craft the malicious input without needing to understand the system in detail or interact with it multiple times.
Prerequisites
- Network reachability to the GT SoftGOT2000 host on the port it listens on
- No authentication required
remotely exploitable, no authentication required, low complexity, high EPSS score (18.8%), no patch available for current versions (upgrade required to future version), affects SCADA/HMI systems
Exploitability
High exploit probability (EPSS 18.8%)
Affected products (1)
Product: GT SoftGOT2000 - GT SoftGOT2000 1.275M 1.280S
Affected Versions: 1.275M through 1.280S
Fix Status: 1.285X or later
Remediation & Mitigation
Do now
WORKAROUND: Isolate GT SoftGOT2000 hosts to a trusted local area network and block inbound access from untrusted networks and hosts using firewall rules
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Upgrade GT SoftGOT2000 to version 1.285X or later
Long-term hardening
HARDENING: Install and maintain antivirus software on all workstations running GT SoftGOT2000
HARDENING: Restrict physical access to engineering workstations and network equipment to authorized personnel only
HARDENING: Do not store or trust untrusted certificates on GT SoftGOT2000 hosts
CVEs (1)