Description:

Mitsubishi Electric has released security updates to address several vulnerabilities in the following product:

• GOT2000 compatible HMI software (GT SoftGOT2000): Version 1.275M
• CC-Link IE TSN Industrial Managed Switch (NZ2MHG-TSNT8F2): Version 03 and prior [affected by CVE-2022-0778 only]
• MELSEC iQ-R Series OPC UA Server Module (RD81OPC96): Version 08 and prior [affected by CVE-2022-0778 only]
• MELSEC CPU Models
  --------- Begin Update A Part 2 of 7 ---------
  • iQ-R Series
    • R12CCPU-V: Firmware Version 16 and prior
      --------- End Update A Part 2 of 7 ---------
  • Q Series
    • Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: Versions with the first 5 digits of serial No. 24061 and prior
    • Q03/04/06/13/26UDVCPU: Versions with the first 5 digits of serial No. 24051 and prior
    • Q04/06/13/26UDPVCPU: Versions with the first 5 digits of serial No. 24051 and prior
      --------- Begin Update A Part 3 of 7 ---------
    • Q12DCCPU-V, Q24DHCCPU-V(G), Q24/26DHCCPU-LS: All versions
      --------- End Update A Part 3 of 7 ---------
  • L Series
    • L02/06/26CPU(-P), L26CPU-(P)BT: Versions with the first 5 digits of serial No. 24051 and prior

--------- Begin Update A Part 4 of 7 ---------

• MELIPC Series
  • MI5122-VW: Firmware Version 05 and prior

--------- End Update A Part 4 of 7 ---------

Threats:

Attacker could exploit these vulnerabilities by doing the following:

• Execute arbitrary code

Best practice and Recommendations:

The CERT team encourages users to review Mitsubishi Electric security advisory:

• https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-007_en.pdf
• https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-009_en.pdf