OTPulse

Mitsubishi Electric FA Engineering Software (Update A)

Plan PatchCVSS 9.3ICS-CERT ICSA-23-269-03Sep 26, 2023
Mitsubishi ElectricEnergy
Attack path
Attack VectorLocal
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

Improper file permissions in Mitsubishi Electric FA Engineering software installation directories allow a local attacker to execute arbitrary code and modify system files. The vulnerability stems from incorrect access control on installation directories and allows an attacker with user-level access to inject code that executes with elevated privileges when other users run the affected tools. This affects 25 different engineering tools including PLC programmers, HMI designers, and device configuration utilities. Successful exploitation could result in unauthorized modification or deletion of PLC program files, safety configurations, and operational data, or denial of service to the engineering environment.

What this means
What could happen
An attacker with local access to an engineering workstation could execute arbitrary code and modify or delete engineering files, logic configurations, and operational data—potentially allowing unauthorized changes to PLC programs or loss of critical system configurations.
Who's at risk
Electrical utilities and manufacturing facilities using Mitsubishi Electric FA engineering software on Windows workstations for PLC programming and configuration. Affected tools include GX Works2/3 (PLC programming), GT Designer3 (HMI/operator interface design), FR Configurator2 (safety relay programming), and related configuration and monitoring utilities. Engineering staff who develop and maintain PLC logic and device configurations are at highest risk.
How it could be exploited
An attacker with user-level access to a Windows engineering workstation running the affected software could exploit improper file permissions in the installation directory to inject malicious code into system directories. The malicious code would execute with the privileges of the next user to run the tool, allowing code execution and file manipulation.
Prerequisites
  • Local access to the engineering workstation
  • User privileges (no administrative access required)
  • The affected software installed in a non-default location or with non-default permissions
Local access requiredImproper file permissions in installation directoryNo patch available for 13 products (end-of-life)Affects critical engineering tools used to configure PLCs and safety systemsCode execution with system-level privileges possible
Exploitability
Unlikely to be exploited — EPSS score 0.0%
Affected products (26)
26 pending
ProductAffected VersionsFix Status
AL-PCS/WIN-E: vers:all/*All versionsNo fix yet
CPU Module Logging Configuration Tool: vers:all/*All versionsNo fix yet
EZSocket: vers:all/*All versionsNo fix yet
FR Configurator2: vers:all/*All versionsNo fix yet
FX Configurator-EN: vers:all/*All versionsNo fix yet
Remediation & Mitigation
0/16
Do now
0/1
HARDENINGInstall affected products (GX Works2, GX Works3, FR Configurator2, GT Designer3, and others listed) in default installation locations with correct file permissions
Schedule — requires maintenance window
0/14

Patching may require device reboot — plan for process interruption

GT Designer3 Version1(GOT2000): vers:all/*
HOTFIXFor GT Designer3 Version1(GOT2000), upgrade to version 1.236W or later
HOTFIXFor GT SoftGOT2000 Version1, upgrade to version 1.236W or later
GT Designer3 Version1(GOT1000): vers:all/*
HOTFIXFor GT SoftGOT1000 Version3, upgrade to version 3.245F or later
All products
HOTFIXFor CPU Module Logging Configuration Tool, upgrade to version 1.106K or later
HOTFIXFor EZSocket, upgrade to version 4.6 or later
HOTFIXFor FR Configurator2, upgrade to version 1.23Z or later
HOTFIXFor GX LogViewer, upgrade to version 1.106K or later
HOTFIXFor GX Works2, upgrade to version 1.595V or later
HOTFIXFor GX Works3, upgrade to version 1.065T or later
HOTFIXFor MELSOFT FieldDeviceConfigurator, upgrade to version 1.04E or later
HOTFIXFor MELSOFT Navigator, upgrade to version 2.70Y or later
HOTFIXFor MX Component, upgrade to version 4.20W or later
HOTFIXFor RT ToolBox3, upgrade to version 1.80J or later
HOTFIXFor Data Transfer, upgrade to version 3.41T or later
Long-term hardening
0/1
HARDENINGRestrict local access to engineering workstations through physical security or endpoint access controls
View full CISA ICS-CERT advisory
API: /api/v1/advisories/4c97c1d6-4d9f-48e0-a628-3548d31a88f8

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.