Mitsubishi Electric revealed that multiple Denial of Service (DoS) vulnerabilities exist in the TCP/IP protocol stack of its GOT (Graphic Operation Terminal) and Tension Controller because of improper handling of exceptional conditions and improper input validation. These security loopholes may be used by a remote attacker to cause a DoS condition of GOT and Tension Controller by sending specially crafted packets.
Mitsubishi GOT and Tension Controller products are used globally in the critical manufacturing sector.
The affected products and versions of the Mitsubishi GOT Series under the GOT2000 series include the GT21 model. Under this model, all versions of GT2107-WTBD, GT2107-WTSD, GT2104-RTBD, GT2104-PMBD, and GT2103-PMBD are affected, Mitsubishi said in its advisory. The company also found security loopholes in its GOT SIMPLE series, GS21 model across all versions of its GS2110-WTBD, GS2107-WTBD, GS2110-WTBD-N, and GS2107-WTBD-N products.
In the case of the Tension Controller, Mitsubishi identified that all versions of the LE7-40GU-L product line were affected by security vulnerabilities.
The Mitsubishi GOT is a Human-Machine Interface (HMI) that delivers advanced functionality, acts as a seamless gateway to other industrial automation devices while increasing productivity and efficiency. It helps to downsize the operation panel, as switches and lamps are created using software, the number of components attached to the operation panel as hardware can be reduced and the panel itself can be downsized. It also cuts down wiring costs between components inside the operation panel.
The Mitsubishi Tension Controller delivers functions necessary for ‘tension control’ that is contained in the small form factor. In addition to the control functions, the tension controller has an easy-to-see display and a user-friendly panel. It has a power amplifier output for powder clutch/brake, and you can easily introduce highly functional tension control. Complete with network functions, the tension controllers come with Ethernet and RS-485 communication as standard built-in functions.
Mitsubishi Electric has advised its users to minimize the risk of exploiting this vulnerability by using a firewall or virtual private network (VPN) to prevent unauthorized access when Internet access is required. It also advised using within a LAN and blocking access from untrusted networks and hosts through firewalls, and using the IP filter function to restrict the accessible IP addresses.
In May, the Cybersecurity and Infrastructure Security Agency (CISA) released an advisory on the presence of buffer access with incorrect length value vulnerability in Mitsubishi’s GOT and Tension Controller. The exploitation of the vulnerability may be able to stop the communication function of the products, requiring a reset to regain functionality, it added.
Nozomi Networks Labs identified last month the presence of five vulnerabilities affecting Mitsubishi’s safety programmable logic controller (PLCs) that relate to the authentication of the MELSOFT communication protocol. An initial set of vulnerabilities were disclosed to the vendor through Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) in January this year. A second set was disclosed more recently through the same process.