Security Warnings

Your review has been sent successfully
Classification
These posts contain security warnings, including digital loopholes, electronic attacks, technical updates, and they are classified base on the level of severity.

Critical

High

Medium

Low

Mitsubishi Electric Updates

124

Warning Date: 28 July, 2021

Severity Level ● High

Warning Number: 2021-3266

Target Sector: Manufacturing

Description:

Mitsubishi Electric has released security updates to address multiple vulnerabilities in the following products:

  • GOT2000 models GT27, GT25, GT23
    • All communication driver versions between 01.19.000 and 01.39.010. These versions are affected when using the “MODBUS/TCP Slave, Gateway” communication driver.
  • GT SoftGOT2000
    • All versions between 1.170C and 1.256S. These versions are affected when configured to use “MODBUS/TCP Slave”
  • GOT2000 series
    • GT27 model: VNC server
      • Versions 01.39.010 and prior
    • GT25 model: VNC server
      • Versions 01.39.010 and prior
    • GT21 model: 
      • GT2107-WTBD: VNC server
        • Versions 01.40.000 and prior
      • GT2107-WTSD: VNC server
        • Versions 01.40.000 and prior
  • GOT SIMPLE series
    • GS21 model
      • GS2110-WTBD-N: VNC server
        • Versions 01.40.000 and prior
      • GS2107-WTBD-N: VNC server
        • Versions 01.40.000 and prior
  • C Controller Interface Module Utility
    • all versions
  • C Controller Module Setting and Monitoring Tool
    • all versions
  • CC-Link IE Control Network Data Collector
    • all versions
  • CC-Link IE Field Network Data Collector
    • all versions
  • CPU Module Logging Configuration Tool
    • Versions 1.100E and prior
  • CW Configurator
    • Versions 1.010L and prior
  • Data Transfer
    • Versions 3.42U and prior
  • EZSocket
    • version 5.1 and prior
  • FR Configurator SW3
    • all versions
  • FR Configurator2
    • all versions
  • GT Designer2 Classic
    • all versions
  • GT Designer3 Version1 (GOT1000)
    • Versions 1.241B and prior
  • GT Designer3 Version1 (GOT2000)
    • Versions 1.241B and prior
  • GT SoftGOT1000 Version3
    • Versions 3.200J and prior
  • GT SoftGOT2000 Version1
    • Versions 1.241B and prior
  • GX Developer
    • Versions 8.504A and prior
  • GX LogViewer
    • Versions 1.100E and prior
  • GX Works2
    • all versions
  • GX Works3
    • Versions 1.063R and prior
  • M_CommDTM-IO-Link
    • all versions
  • MELFA-Works
    • all versions
  • MELSEC WinCPU Setting Utility
    • all versions
  • MELSOFT Complete Clean Up Tool
    • all versions
  • MELSOFT EM Software Development Kit
    • all versions
  • MELSOFT iQ AppPortal
    • 1.17T and prior
  • MELSOFT Navigator
    • all versions
  • MI Configurator
    • all versions
  • Motion Control Setting
    • Versions 1.005F and prior
  • Motorizer
    • Versions 1.005F and prior
  • MR Configurator2
    • all versions
  • MT Works2
    • all versions
  • MTConnect Data Collector
    • all versions
  • MX Component
    • Version 4.20W and prior
  • MX MESInterface
    • Versions 1.21X and prior
  • MX MESInterface-R
    • Versions 1.12N and prior
  • MX Sheet
    • Version 2.15R and prior
  • Network Interface Board CC IE Control Utility
    • all versions
  • Network Interface Board CC IE Field Utility
    • all versions
  • Network Interface Board CC-Link Ver.2 Utility
    • all versions
  • Network Interface Board MNETH Utility
    • all versions
  • Position Board utility 2
    • all versions
  • PX Developer
    • version 1.53F and prior
  • RT ToolBox2
    • all versions
  • RT ToolBox3
    • all versions
  • Setting/monitoring tools for the C Controller module
    • all versions
  • SLMP Data Collector
    • all versions

Threats:

Attackers could exploit these vulnerabilities by doing the following:

  • Triggering a Denial of service attack (DoS)
  • Gain unauthorized access

Best practice and Recommendations:

The CERT team encourages users to review Mitsubishi Electric security advisory:

Last updated at 28 July, 2021

Rate the content

rate-icon