Mitsubishi Electric GOT2000 Series and GT SoftGOT2000
Plan Patch7.4ICS-CERT ICSA-23-033-02Feb 2, 2023
Attack VectorNetwork
Auth RequiredNone
ComplexityHigh
User InteractionNone needed
Summary
GOT Mobile Function on Mitsubishi Electric GOT2000 Series (GT27 and GT25 models) and GT SoftGOT2000 software contain vulnerabilities in HTML attribute handling and clickjacking defenses. These flaws allow attackers to trick operators into unintended actions through malicious web pages or to disclose sensitive information from operator browsers. The vulnerabilities affect GOT Mobile versions 01.14.000 through 01.47.000 (GT27/GT25) and GT SoftGOT2000 versions 1.265B through 1.285X.
What this means
What could happen
An attacker could trick operators into clicking hidden or disguised web elements on a GOT2000 series operator interface, potentially allowing them to perform unauthorized control commands or steal sensitive data from the device. Attackers could also impersonate legitimate users to access the interface and alter plant settings.
Who's at risk
Energy sector utilities using Mitsubishi Electric GOT2000 series operator interfaces (GT27 and GT25 models) or GT SoftGOT2000 software for SCADA/HMI control should assess exposure. This affects any facility relying on these devices for human-machine interaction with programmable logic controllers or remote terminal units.
How it could be exploited
An attacker crafts a malicious web page with hidden clickjacking elements and tricks an operator into visiting the page while logged into the GOT Mobile interface. The operator's click triggers unintended actions on the control device, or the attacker exploits HTML attribute flaws to read session data or impersonate the user to send commands to the PLC or field devices.
Prerequisites
- Network access to the GOT Mobile Function web interface
- Operator must be logged into the GOT Mobile interface when tricked into visiting attacker's malicious page
- High attack complexity suggests specific configuration or user interaction setup is required
Remotely exploitableHigh attack complexity reduces practical riskNo patch available for affected versions (end-of-life status implied)Affects human-machine interface critical to operations
Exploitability
Low exploit probability (EPSS 0.6%)
Affected products (3)
3 with fix
ProductAffected VersionsFix Status
GOT Mobile Function on GOT2000 Series and GT SoftGOT2000: GT27 model: GOT Mobile01.14.000 -01.47.0001.290C or later
GOT Mobile Function on GOT2000 Series and GT SoftGOT2000: GT25 model: GOT Mobile01.14.000 -01.47.0001.290C or later
GOT Mobile Function on GOT2000 Series and GT SoftGOT2000: GT SoftGOT2000: software1.265B -1.285X1.290C or later
Remediation & Mitigation
0/7
Do now
0/2WORKAROUNDDisable GOT Mobile Function if not required for operations
HARDENINGUse firewall or VPN to restrict network access to GOT Mobile Function from untrusted networks
Schedule — requires maintenance window
0/4Patching may require device reboot — plan for process interruption
HOTFIXUpdate GOT2000 GT27 model GOT Mobile to version 01.48.000 or later
HOTFIXUpdate GOT2000 GT25 model GOT Mobile to version 01.48.000 or later
HOTFIXUpdate GT SoftGOT2000 software to version 1.290C or later
HARDENINGConfigure IP filter rules to limit which hosts can access the device
Long-term hardening
0/1HARDENINGDeploy GOT devices on isolated local area network (LAN) and block access from external networks
CVEs (2)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/39aed0a7-368c-4406-9700-0b3598cfdb00