OTPulse

Mitsubishi Electric GOT2000

Monitor | CVSS 5.3 | ICS-CERT ICSA-22-333-01 | Nov 29, 2022
Attack Vector: Network
Auth Required: Low
Complexity: High
User Interaction: None needed
Summary

The Mitsubishi Electric GOT2000 Series HMI devices (GT27, GT25, GT23 models) contain an input validation vulnerability in the embedded FTP server (versions 01.39.000 and earlier). An authenticated attacker can send a specially crafted FTP command that causes the FTP server to crash or become unresponsive, denying service to operators and engineering staff attempting to access the device interface. The vulnerability requires valid FTP credentials and network access to the target device, and attack complexity is high. Mitsubishi Electric has released patched firmware versions (01.47.000 or later) for all affected models.

What this means
What could happen
An attacker with authenticated network access to a GOT2000 device could send a specially crafted FTP command that causes the device to stop responding, interrupting operator access to the human-machine interface (HMI) and potentially disrupting monitoring and control of critical processes.
Who's at risk
This affects energy utilities and other industrial operators using Mitsubishi Electric GOT2000 series HMI touchscreen units (GT27, GT25, and GT23 models) in their control systems. Any facility relying on GOT2000 for operator interface to critical processes is at risk of losing access to monitoring and control functions during an outage.
How it could be exploited
An attacker needs valid credentials and network connectivity to the FTP server running on the GOT2000. They send a malformed FTP command that triggers input validation failure in the FTP server, causing it to become unresponsive and deny service to legitimate users trying to access the HMI interface.
Prerequisites
  • Valid FTP credentials or weak/default credentials
  • Network access to FTP port on the GOT2000 device
  • Knowledge of specific malformed FTP command format required
Remotely exploitable over network · Authentication required (medium reduction in risk) · High attack complexity (reduces risk) · Denial-of-service impact · Affects industrial control HMI
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (3)
3 pending
Product | Affected Versions | Fix Status
GOT2000 Series - GT27 Model: FTP server | ≤ 01.39.000 | No fix yet
GOT2000 Series - GT25 Model: FTP server | ≤ 01.39.000 | No fix yet
GOT2000 Series - GT23 Model: FTP server | ≤ 01.39.000 | No fix yet
Remediation & Mitigation
Do now
WORKAROUND: Disable FTP server access if not required for operations; use alternative file transfer methods
WORKAROUND: Implement IP filter rules in GT Designer3 to restrict FTP access to authorized engineering workstations only
HARDENING: Set strong, unique passwords on all FTP accounts to prevent credential compromise
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update GOT2000 FTP server firmware to version 01.47.000 or later using GT Designer3 Version1 software
Long-term hardening
HARDENING: Isolate GOT2000 devices to plant LAN only; block any inbound FTP connections from untrusted networks or the internet
HARDENING: Deploy GOT2000 devices behind firewall with explicit allow rules for only required FTP access
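The remediation steps above can be applied to an asset inventory with a small triage script. This is an added example, not code from OTPulse or Mitsubishi Electric; the device record fields, the sample device and all addresses are constructed assumptions. Versions between 01.39.000 and 01.47.000 are reported as "unverified" because the advisory does not state their status.

```python
import ipaddress

AFFECTED_MODELS = {"GT27", "GT25", "GT23"}  # models named in the advisory
LAST_AFFECTED = (1, 39, 0)  # FTP server 01.39.000 and earlier
FIRST_FIXED = (1, 47, 0)    # 01.47.000 or later

def parse_version(text):
    """'01.39.000' -> (1, 39, 0); ValueError for any other shape."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p) for p in parts)

def firmware_status(model, version_text):
    if model.upper() not in AFFECTED_MODELS:
        return "not-listed"
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unknown"  # never assume a device is patched on bad data
    if version <= LAST_AFFECTED:
        return "affected"
    if version >= FIRST_FIXED:
        return "fixed"
    return "unverified"  # the advisory is silent on versions in between

def sources_outside(ftp_sources, engineering_nets):
    """FTP source ranges the IP filter admits that lie outside the engineering networks."""
    allowed = [ipaddress.ip_network(n) for n in engineering_nets]
    def inside(src):
        net = ipaddress.ip_network(src)
        return any(net.version == a.version and net.subnet_of(a) for a in allowed)
    return [s for s in ftp_sources if not inside(s)]

def triage(device, engineering_nets):
    """Return (firmware status, advisory remediation steps still open) for one device."""
    status = firmware_status(device["model"], device["ftp_version"])
    if status == "not-listed":
        return status, []
    steps = [] if status == "fixed" else ["schedule firmware update to 01.47.000 or later"]
    if device["ftp_enabled"] and not device["ftp_required"]:
        steps.append("disable FTP server")
    elif device["ftp_enabled"]:
        extra = sources_outside(device["ftp_sources"], engineering_nets)
        if extra:
            steps.append("tighten IP filter: " + ", ".join(extra))
    return status, steps

# Constructed sample record (hypothetical field names and addresses).
ENGINEERING_NETS = ["10.20.30.0/28"]
SAMPLE = {"model": "GT27", "ftp_version": "01.39.000", "ftp_enabled": True,
          "ftp_required": True, "ftp_sources": ["10.20.30.4/32", "0.0.0.0/0"]}
```

Calling `triage(SAMPLE, ENGINEERING_NETS)` returns the firmware status together with the steps still open for that device.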