Mitsubishi Electric GOT2000

MonitorCVSS 5.3ICS-CERT ICSA-22-333-01Nov 29, 2022

Mitsubishi ElectricEnergy

Attack path

Attack VectorNetwork

Auth RequiredLow

ComplexityHigh

User InteractionNone needed

Summary

The Mitsubishi Electric GOT2000 Series HMI devices (GT27, GT25, GT23 models) contain an input validation vulnerability in the embedded FTP server (versions 01.39.000 and earlier). An authenticated attacker can send a specially crafted FTP command that causes the FTP server to crash or become unresponsive, denying service to operators and engineering staff attempting to access the device interface. The vulnerability requires valid FTP credentials and network access to the target device, and attack complexity is high. Mitsubishi Electric has released patched firmware versions (01.47.000 or later) for all affected models.

What this means

What could happen

An attacker with authenticated network access to a GOT2000 device could send a specially crafted FTP command that causes the device to stop responding, interrupting operator access to the human-machine interface (HMI) and potentially disrupting monitoring and control of critical processes.

Who's at risk

This affects energy utilities and other industrial operators using Mitsubishi Electric GOT2000 series HMI touchscreen units (GT27, GT25, and GT23 models) in their control systems. Any facility relying on GOT2000 for operator interface to critical processes is at risk of losing access to monitoring and control functions during an outage.

How it could be exploited

An attacker needs valid credentials and network connectivity to the FTP server running on the GOT2000. They send a malformed FTP command that triggers input validation failure in the FTP server, causing it to become unresponsive and deny service to legitimate users trying to access the HMI interface.

Prerequisites

Valid FTP credentials or weak/default credentials
Network access to FTP port on the GOT2000 device
Knowledge of specific malformed FTP command format required

Remotely exploitable over networkAuthentication required (medium reduction in risk)High attack complexity (reduces risk)Denial-of-service impactAffects industrial control HMI

Exploitability

Unlikely to be exploited — EPSS score 0.5%

Affected products (3)

3 pending

ProductAffected VersionsFix Status

GOT2000 Series - GT27 Model: FTP server≤ 01.39.000No fix yet

GOT2000 Series - GT25 Model: FTP server≤ 01.39.000No fix yet

GOT2000 Series - GT23 Model: FTP server≤ 01.39.000No fix yet

Remediation & Mitigation

0/6

Do now

0/3

WORKAROUNDDisable FTP server access if not required for operations; use alternative file transfer methods

WORKAROUNDImplement IP filter rules in GT Designer3 to restrict FTP access to authorized engineering workstations only

HARDENINGSet strong, unique passwords on all FTP accounts to prevent credential compromise

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate GOT2000 FTP server firmware to version 01.47.000 or later using GT Designer3 Version1 software

Long-term hardening

0/2

HARDENINGIsolate GOT2000 devices to plant LAN only; block any inbound FTP connections from untrusted networks or the internet

HARDENINGDeploy GOT2000 devices behind firewall with explicit allow rules for only required FTP access

CVEs (1)

CVE-2022-40266

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/f7cdf7bc-17d0-40b8-8dbd-4862749cbf95

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.