Mitsubishi Electric Updates
2228Warning Date
Severity Level
Warning Number
Target Sector
28 July, 2021
● High
2021-3266
Manufacturing
Description:
Mitsubishi Electric has released security updates to address multiple vulnerabilities in the following products:
- GOT2000 models GT27, GT25, GT23
- All communication driver versions between 01.19.000 and 01.39.010. These versions are affected when using the “MODBUS/TCP Slave, Gateway” communication driver.
- GT SoftGOT2000
- All versions between 1.170C and 1.256S. These versions are affected when configured to use “MODBUS/TCP Slave”
- GOT2000 series
- GT27 model: VNC server
- Versions 01.39.010 and prior
- GT25 model: VNC server
- Versions 01.39.010 and prior
- GT21 model:
- GT2107-WTBD: VNC server
- Versions 01.40.000 and prior
- GT2107-WTSD: VNC server
- Versions 01.40.000 and prior
- GT2107-WTBD: VNC server
- GT27 model: VNC server
- GOT SIMPLE series
- GS21 model
- GS2110-WTBD-N: VNC server
- Versions 01.40.000 and prior
- GS2107-WTBD-N: VNC server
- Versions 01.40.000 and prior
- GS2110-WTBD-N: VNC server
- GS21 model
- C Controller Interface Module Utility
- all versions
- C Controller Module Setting and Monitoring Tool
- all versions
- CC-Link IE Control Network Data Collector
- all versions
- CC-Link IE Field Network Data Collector
- all versions
- CPU Module Logging Configuration Tool
- Versions 1.100E and prior
- CW Configurator
- Versions 1.010L and prior
- Data Transfer
- Versions 3.42U and prior
- EZSocket
- version 5.1 and prior
- FR Configurator SW3
- all versions
- FR Configurator2
- all versions
- GT Designer2 Classic
- all versions
- GT Designer3 Version1 (GOT1000)
- Versions 1.241B and prior
- GT Designer3 Version1 (GOT2000)
- Versions 1.241B and prior
- GT SoftGOT1000 Version3
- Versions 3.200J and prior
- GT SoftGOT2000 Version1
- Versions 1.241B and prior
- GX Developer
- Versions 8.504A and prior
- GX LogViewer
- Versions 1.100E and prior
- GX Works2
- all versions
- GX Works3
- Versions 1.063R and prior
- M_CommDTM-IO-Link
- all versions
- MELFA-Works
- all versions
- MELSEC WinCPU Setting Utility
- all versions
- MELSOFT Complete Clean Up Tool
- all versions
- MELSOFT EM Software Development Kit
- all versions
- MELSOFT iQ AppPortal
- 1.17T and prior
- MELSOFT Navigator
- all versions
- MI Configurator
- all versions
- Motion Control Setting
- Versions 1.005F and prior
- Motorizer
- Versions 1.005F and prior
- MR Configurator2
- all versions
- MT Works2
- all versions
- MTConnect Data Collector
- all versions
- MX Component
- Version 4.20W and prior
- MX MESInterface
- Versions 1.21X and prior
- MX MESInterface-R
- Versions 1.12N and prior
- MX Sheet
- Version 2.15R and prior
- Network Interface Board CC IE Control Utility
- all versions
- Network Interface Board CC IE Field Utility
- all versions
- Network Interface Board CC-Link Ver.2 Utility
- all versions
- Network Interface Board MNETH Utility
- all versions
- Position Board utility 2
- all versions
- PX Developer
- version 1.53F and prior
- RT ToolBox2
- all versions
- RT ToolBox3
- all versions
- Setting/monitoring tools for the C Controller module
- all versions
- SLMP Data Collector
- all versions
Threats:
Attackers could exploit these vulnerabilities by doing the following:
- Triggering a Denial of service attack (DoS)
- Gain unauthorized access
Best practice and Recommendations:
The CERT team encourages users to review Mitsubishi Electric security advisory: