ICSA-22-102-04
Vulnerability from csaf_cisa - Published: 2022-04-12 00:00 - Updated: 2022-05-12 00:00Summary
Mitsubishi Electric GT25-WLAN
Notes
CISA Disclaimer: This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation: There are multiple vulnerabilities due to design flaws in the frame fragmentation functionality and the frame aggregation functionality in the Wireless Communication Standards IEEE 802.11. These vulnerabilities could allow an attacker to steal communication contents or inject unauthorized packets.
Critical infrastructure sectors: Critical Manufacturing
Countries/areas deployed: Worldwide
Company headquarters location: Japan
Recommended Practices: CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should: Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the Internet; Locate control system networks and remote devices behind firewalls and isolate them from the business network; When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.
Exploitability: No known public exploits specifically target these vulnerabilities.
CWE-212
- Improper Removal of Sensitive Information Before Storage or Transfer
Mitigation
For users who use the affected products and versions, please update to the fixed versions
Mitigation
Check the versions in use by referencing GOT2000 Series User's Manual (Utility) (SH-081195ENG), 6.9 Package Data Management - “Property operation.”
Mitigation
The latest version of the manual is available from Mitsubishi Electric FA Global Website.
https://www.mitsubishielectric.com/fa
Mitigation
Install system applications (extended function) “Wireless LAN” v01.45.000 or later.
Mitigation
Fixed system applications (extended function) “Wireless LAN” is included in GT Designer3 Version 1 (GOT2000) v1.275M or later.
Mitigation
Download and install the fixed version of MELSOFT GT Designer3 (GOT2000). Please contact a Mitsubishi Electric representative about MELSOFT GT Designer3 (GOT2000).
https://www.mitsubishielectric.com/fa/support/ind…
Mitigation
Start the MELSOFT GT Designer3 (GOT2000) and open the project data used in affected products.
Mitigation
Select [Write to GOT] from [Communication] menu to write the required package data to the GOT. Please refer to “4. COMMUNICATING WITH GOT” in the GT Designer3 (GOT2000) Screen Design Manual (SH-081220ENG).
https://www.mitsubishielectric.com/fa/products/hm…
Mitigation
After writing the required package data to the GOT, refer to the “How to check the versions in use” and check the fixed versions.
Mitigation
When using the wireless LAN communication unit as an access point, check if the wireless LAN communication unit settings are as follows.
Mitigation
For the passphrase used for wireless LAN, avoid settings that can be guessed from the consecutive numbers and MAC address, and set an unpredictable passphrase combining letters and numbers.
Mitigation
Use WPA or WPA2 as the security authentication method for wireless LAN.
Mitigation
Use the IP filter function*1 to restrict the accessible IP addresses. *1- Refer to GT Designer3 (GOT2000) Screen Design Manual (SH-081220ENG) “5.4.3 Setting the IP filter”
https://www.mitsubishielectric.com/fa/products/hm…
Mitigation
When using the wireless LAN communication unit as a station, check if the router settings are as follows: For the passphrase used for wireless LAN, avoid settings that can be guessed from the consecutive numbers and MAC address, and set an unpredictable passphrase combining letters and numbers. Use WPA or WPA2 as the security authentication method for wireless LAN.
Mitigation
If you change the router settings, hide its presence on the Internet to make it difficult for unauthorized access. (e.g., set to not respond to PING requests).
Mitigation
Set password for the router's Management portal, which is difficult to be identified.
Mitigation
Check the following when using a computer or tablet, etc., on the same network.
Mitigation
Update Antivirus software to the latest version.
Mitigation
Do not open or access suspicious attachment file or linked URL.
CWE-326
- Inadequate Encryption Strength
Mitigation
For users who use the affected products and versions, please update to the fixed versions
Mitigation
Check the versions in use by referencing GOT2000 Series User's Manual (Utility) (SH-081195ENG), 6.9 Package Data Management - “Property operation.”
Mitigation
The latest version of the manual is available from Mitsubishi Electric FA Global Website.
https://www.mitsubishielectric.com/fa
Mitigation
Install system applications (extended function) “Wireless LAN” v01.45.000 or later.
Mitigation
Fixed system applications (extended function) “Wireless LAN” is included in GT Designer3 Version 1 (GOT2000) v1.275M or later.
Mitigation
Download and install the fixed version of MELSOFT GT Designer3 (GOT2000). Please contact a Mitsubishi Electric representative about MELSOFT GT Designer3 (GOT2000).
https://www.mitsubishielectric.com/fa/support/ind…
Mitigation
Start the MELSOFT GT Designer3 (GOT2000) and open the project data used in affected products.
Mitigation
Select [Write to GOT] from [Communication] menu to write the required package data to the GOT. Please refer to “4. COMMUNICATING WITH GOT” in the GT Designer3 (GOT2000) Screen Design Manual (SH-081220ENG).
https://www.mitsubishielectric.com/fa/products/hm…
Mitigation
After writing the required package data to the GOT, refer to the “How to check the versions in use” and check the fixed versions.
Mitigation
When using the wireless LAN communication unit as an access point, check if the wireless LAN communication unit settings are as follows.
Mitigation
For the passphrase used for wireless LAN, avoid settings that can be guessed from the consecutive numbers and MAC address, and set an unpredictable passphrase combining letters and numbers.
Mitigation
Use WPA or WPA2 as the security authentication method for wireless LAN.
Mitigation
Use the IP filter function*1 to restrict the accessible IP addresses. *1- Refer to GT Designer3 (GOT2000) Screen Design Manual (SH-081220ENG) “5.4.3 Setting the IP filter”
https://www.mitsubishielectric.com/fa/products/hm…
Mitigation
When using the wireless LAN communication unit as a station, check if the router settings are as follows: For the passphrase used for wireless LAN, avoid settings that can be guessed from the consecutive numbers and MAC address, and set an unpredictable passphrase combining letters and numbers. Use WPA or WPA2 as the security authentication method for wireless LAN.
Mitigation
If you change the router settings, hide its presence on the Internet to make it difficult for unauthorized access. (e.g., set to not respond to PING requests).
Mitigation
Set password for the router's Management portal, which is difficult to be identified.
Mitigation
Check the following when using a computer or tablet, etc., on the same network.
Mitigation
Update Antivirus software to the latest version.
Mitigation
Do not open or access suspicious attachment file or linked URL.
CWE-306
- Missing Authentication for Critical Function
Mitigation
For users who use the affected products and versions, please update to the fixed versions
Mitigation
Check the versions in use by referencing GOT2000 Series User's Manual (Utility) (SH-081195ENG), 6.9 Package Data Management - “Property operation.”
Mitigation
The latest version of the manual is available from Mitsubishi Electric FA Global Website.
https://www.mitsubishielectric.com/fa
Mitigation
Install system applications (extended function) “Wireless LAN” v01.45.000 or later.
Mitigation
Fixed system applications (extended function) “Wireless LAN” is included in GT Designer3 Version 1 (GOT2000) v1.275M or later.
Mitigation
Download and install the fixed version of MELSOFT GT Designer3 (GOT2000). Please contact a Mitsubishi Electric representative about MELSOFT GT Designer3 (GOT2000).
https://www.mitsubishielectric.com/fa/support/ind…
Mitigation
Start the MELSOFT GT Designer3 (GOT2000) and open the project data used in affected products.
Mitigation
Select [Write to GOT] from [Communication] menu to write the required package data to the GOT. Please refer to “4. COMMUNICATING WITH GOT” in the GT Designer3 (GOT2000) Screen Design Manual (SH-081220ENG).
https://www.mitsubishielectric.com/fa/products/hm…
Mitigation
After writing the required package data to the GOT, refer to the “How to check the versions in use” and check the fixed versions.
Mitigation
When using the wireless LAN communication unit as an access point, check if the wireless LAN communication unit settings are as follows.
Mitigation
For the passphrase used for wireless LAN, avoid settings that can be guessed from the consecutive numbers and MAC address, and set an unpredictable passphrase combining letters and numbers.
Mitigation
Use WPA or WPA2 as the security authentication method for wireless LAN.
Mitigation
Use the IP filter function*1 to restrict the accessible IP addresses. *1- Refer to GT Designer3 (GOT2000) Screen Design Manual (SH-081220ENG) “5.4.3 Setting the IP filter”
https://www.mitsubishielectric.com/fa/products/hm…
Mitigation
When using the wireless LAN communication unit as a station, check if the router settings are as follows: For the passphrase used for wireless LAN, avoid settings that can be guessed from the consecutive numbers and MAC address, and set an unpredictable passphrase combining letters and numbers. Use WPA or WPA2 as the security authentication method for wireless LAN.
Mitigation
If you change the router settings, hide its presence on the Internet to make it difficult for unauthorized access. (e.g., set to not respond to PING requests).
Mitigation
Set password for the router's Management portal, which is difficult to be identified.
Mitigation
Check the following when using a computer or tablet, etc., on the same network.
Mitigation
Update Antivirus software to the latest version.
Mitigation
Do not open or access suspicious attachment file or linked URL.
6.5 (Medium)
Mitigation
For users who use the affected products and versions, please update to the fixed versions
Mitigation
Check the versions in use by referencing GOT2000 Series User's Manual (Utility) (SH-081195ENG), 6.9 Package Data Management - “Property operation.”
Mitigation
The latest version of the manual is available from Mitsubishi Electric FA Global Website.
https://www.mitsubishielectric.com/fa
Mitigation
Install system applications (extended function) “Wireless LAN” v01.45.000 or later.
Mitigation
Fixed system applications (extended function) “Wireless LAN” is included in GT Designer3 Version 1 (GOT2000) v1.275M or later.
Mitigation
Download and install the fixed version of MELSOFT GT Designer3 (GOT2000). Please contact a Mitsubishi Electric representative about MELSOFT GT Designer3 (GOT2000).
https://www.mitsubishielectric.com/fa/support/ind…
Mitigation
Start the MELSOFT GT Designer3 (GOT2000) and open the project data used in affected products.
Mitigation
Select [Write to GOT] from [Communication] menu to write the required package data to the GOT. Please refer to “4. COMMUNICATING WITH GOT” in the GT Designer3 (GOT2000) Screen Design Manual (SH-081220ENG).
https://www.mitsubishielectric.com/fa/products/hm…
Mitigation
After writing the required package data to the GOT, refer to the “How to check the versions in use” and check the fixed versions.
Mitigation
When using the wireless LAN communication unit as an access point, check if the wireless LAN communication unit settings are as follows.
Mitigation
For the passphrase used for wireless LAN, avoid settings that can be guessed from the consecutive numbers and MAC address, and set an unpredictable passphrase combining letters and numbers.
Mitigation
Use WPA or WPA2 as the security authentication method for wireless LAN.
Mitigation
Use the IP filter function*1 to restrict the accessible IP addresses. *1- Refer to GT Designer3 (GOT2000) Screen Design Manual (SH-081220ENG) “5.4.3 Setting the IP filter”
https://www.mitsubishielectric.com/fa/products/hm…
Mitigation
When using the wireless LAN communication unit as a station, check if the router settings are as follows: For the passphrase used for wireless LAN, avoid settings that can be guessed from the consecutive numbers and MAC address, and set an unpredictable passphrase combining letters and numbers. Use WPA or WPA2 as the security authentication method for wireless LAN.
Mitigation
If you change the router settings, hide its presence on the Internet to make it difficult for unauthorized access. (e.g., set to not respond to PING requests).
Mitigation
Set password for the router's Management portal, which is difficult to be identified.
Mitigation
Check the following when using a computer or tablet, etc., on the same network.
Mitigation
Update Antivirus software to the latest version.
Mitigation
Do not open or access suspicious attachment file or linked URL.
6.5 (Medium)
Mitigation
For users who use the affected products and versions, please update to the fixed versions
Mitigation
Check the versions in use by referencing GOT2000 Series User's Manual (Utility) (SH-081195ENG), 6.9 Package Data Management - “Property operation.”
Mitigation
The latest version of the manual is available from Mitsubishi Electric FA Global Website.
https://www.mitsubishielectric.com/fa
Mitigation
Install system applications (extended function) “Wireless LAN” v01.45.000 or later.
Mitigation
Fixed system applications (extended function) “Wireless LAN” is included in GT Designer3 Version 1 (GOT2000) v1.275M or later.
Mitigation
Download and install the fixed version of MELSOFT GT Designer3 (GOT2000). Please contact a Mitsubishi Electric representative about MELSOFT GT Designer3 (GOT2000).
https://www.mitsubishielectric.com/fa/support/ind…
Mitigation
Start the MELSOFT GT Designer3 (GOT2000) and open the project data used in affected products.
Mitigation
Select [Write to GOT] from [Communication] menu to write the required package data to the GOT. Please refer to “4. COMMUNICATING WITH GOT” in the GT Designer3 (GOT2000) Screen Design Manual (SH-081220ENG).
https://www.mitsubishielectric.com/fa/products/hm…
Mitigation
After writing the required package data to the GOT, refer to the “How to check the versions in use” and check the fixed versions.
Mitigation
When using the wireless LAN communication unit as an access point, check if the wireless LAN communication unit settings are as follows.
Mitigation
For the passphrase used for wireless LAN, avoid settings that can be guessed from the consecutive numbers and MAC address, and set an unpredictable passphrase combining letters and numbers.
Mitigation
Use WPA or WPA2 as the security authentication method for wireless LAN.
Mitigation
Use the IP filter function*1 to restrict the accessible IP addresses. *1- Refer to GT Designer3 (GOT2000) Screen Design Manual (SH-081220ENG) “5.4.3 Setting the IP filter”
https://www.mitsubishielectric.com/fa/products/hm…
Mitigation
When using the wireless LAN communication unit as a station, check if the router settings are as follows: For the passphrase used for wireless LAN, avoid settings that can be guessed from the consecutive numbers and MAC address, and set an unpredictable passphrase combining letters and numbers. Use WPA or WPA2 as the security authentication method for wireless LAN.
Mitigation
If you change the router settings, hide its presence on the Internet to make it difficult for unauthorized access. (e.g., set to not respond to PING requests).
Mitigation
Set password for the router's Management portal, which is difficult to be identified.
Mitigation
Check the following when using a computer or tablet, etc., on the same network.
Mitigation
Update Antivirus software to the latest version.
Mitigation
Do not open or access suspicious attachment file or linked URL.
6.5 (Medium)
Mitigation
For users who use the affected products and versions, please update to the fixed versions
Mitigation
Check the versions in use by referencing GOT2000 Series User's Manual (Utility) (SH-081195ENG), 6.9 Package Data Management - “Property operation.”
Mitigation
The latest version of the manual is available from Mitsubishi Electric FA Global Website.
https://www.mitsubishielectric.com/fa
Mitigation
Install system applications (extended function) “Wireless LAN” v01.45.000 or later.
Mitigation
Fixed system applications (extended function) “Wireless LAN” is included in GT Designer3 Version 1 (GOT2000) v1.275M or later.
Mitigation
Download and install the fixed version of MELSOFT GT Designer3 (GOT2000). Please contact a Mitsubishi Electric representative about MELSOFT GT Designer3 (GOT2000).
https://www.mitsubishielectric.com/fa/support/ind…
Mitigation
Start the MELSOFT GT Designer3 (GOT2000) and open the project data used in affected products.
Mitigation
Select [Write to GOT] from [Communication] menu to write the required package data to the GOT. Please refer to “4. COMMUNICATING WITH GOT” in the GT Designer3 (GOT2000) Screen Design Manual (SH-081220ENG).
https://www.mitsubishielectric.com/fa/products/hm…
Mitigation
After writing the required package data to the GOT, refer to the “How to check the versions in use” and check the fixed versions.
Mitigation
When using the wireless LAN communication unit as an access point, check if the wireless LAN communication unit settings are as follows.
Mitigation
For the passphrase used for wireless LAN, avoid settings that can be guessed from the consecutive numbers and MAC address, and set an unpredictable passphrase combining letters and numbers.
Mitigation
Use WPA or WPA2 as the security authentication method for wireless LAN.
Mitigation
Use the IP filter function*1 to restrict the accessible IP addresses. *1- Refer to GT Designer3 (GOT2000) Screen Design Manual (SH-081220ENG) “5.4.3 Setting the IP filter”
https://www.mitsubishielectric.com/fa/products/hm…
Mitigation
When using the wireless LAN communication unit as a station, check if the router settings are as follows: For the passphrase used for wireless LAN, avoid settings that can be guessed from the consecutive numbers and MAC address, and set an unpredictable passphrase combining letters and numbers. Use WPA or WPA2 as the security authentication method for wireless LAN.
Mitigation
If you change the router settings, hide its presence on the Internet to make it difficult for unauthorized access. (e.g., set to not respond to PING requests).
Mitigation
Set password for the router's Management portal, which is difficult to be identified.
Mitigation
Check the following when using a computer or tablet, etc., on the same network.
Mitigation
Update Antivirus software to the latest version.
Mitigation
Do not open or access suspicious attachment file or linked URL.
5.3 (Medium)
Mitigation
For users who use the affected products and versions, please update to the fixed versions
Mitigation
Check the versions in use by referencing GOT2000 Series User's Manual (Utility) (SH-081195ENG), 6.9 Package Data Management - “Property operation.”
Mitigation
The latest version of the manual is available from Mitsubishi Electric FA Global Website.
https://www.mitsubishielectric.com/fa
Mitigation
Install system applications (extended function) “Wireless LAN” v01.45.000 or later.
Mitigation
Fixed system applications (extended function) “Wireless LAN” is included in GT Designer3 Version 1 (GOT2000) v1.275M or later.
Mitigation
This does not include countermeasures for CVE-2020-26146
http://web.nvd.nist.gov/view/vuln/detail?vulnId=C…
Mitigation
Download and install the fixed version of MELSOFT GT Designer3 (GOT2000). Please contact a Mitsubishi Electric representative about MELSOFT GT Designer3 (GOT2000).
https://www.mitsubishielectric.com/fa/support/ind…
Mitigation
Start the MELSOFT GT Designer3 (GOT2000) and open the project data used in affected products.
Mitigation
Select [Write to GOT] from [Communication] menu to write the required package data to the GOT. Please refer to “4. COMMUNICATING WITH GOT” in the GT Designer3 (GOT2000) Screen Design Manual (SH-081220ENG).
https://www.mitsubishielectric.com/fa/products/hm…
Mitigation
After writing the required package data to the GOT, refer to the “How to check the versions in use” and check the fixed versions.
Mitigation
When using the wireless LAN communication unit as an access point, check if the wireless LAN communication unit settings are as follows.
Mitigation
For the passphrase used for wireless LAN, avoid settings that can be guessed from the consecutive numbers and MAC address, and set an unpredictable passphrase combining letters and numbers.
Mitigation
Use WPA or WPA2 as the security authentication method for wireless LAN.
Mitigation
Use the IP filter function*1 to restrict the accessible IP addresses. *1- Refer to GT Designer3 (GOT2000) Screen Design Manual (SH-081220ENG) “5.4.3 Setting the IP filter”
https://www.mitsubishielectric.com/fa/products/hm…
Mitigation
When using the wireless LAN communication unit as a station, check if the router settings are as follows: For the passphrase used for wireless LAN, avoid settings that can be guessed from the consecutive numbers and MAC address, and set an unpredictable passphrase combining letters and numbers. Use WPA or WPA2 as the security authentication method for wireless LAN.
Mitigation
If you change the router settings, hide its presence on the Internet to make it difficult for unauthorized access. (e.g., set to not respond to PING requests).
Mitigation
Set password for the router's Management portal, which is difficult to be identified.
Mitigation
Check the following when using a computer or tablet, etc., on the same network.
Mitigation
Update Antivirus software to the latest version.
Mitigation
Do not open or access suspicious attachment file or linked URL.
References
Acknowledgments
Mitsubishi Electric
{
"document": {
"acknowledgments": [
{
"organization": "Mitsubishi Electric",
"summary": "reporting these vulnerabilities to CISA"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "There are multiple vulnerabilities due to design flaws in the frame fragmentation functionality and the frame aggregation functionality in the Wireless Communication Standards IEEE 802.11. These vulnerabilities could allow an attacker to steal communication contents or inject unauthorized packets.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Critical Manufacturing",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Japan",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should: Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the Internet; Locate control system networks and remote devices behind firewalls and isolate them from the business network; When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "other",
"text": "No known public exploits specifically target these vulnerabilities.",
"title": "Exploitability"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-22-102-04 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2022/icsa-22-102-04.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-22-102-04 Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-102-04"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Mitsubishi Electric GT25-WLAN",
"tracking": {
"current_release_date": "2022-05-12T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-22-102-04",
"initial_release_date": "2022-04-12T00:00:00.000000Z",
"revision_history": [
{
"date": "2022-04-12T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "ICSA-22-102-04 Mitsubishi Electric GT25-WLAN"
},
{
"date": "2022-05-12T00:00:00.000000Z",
"legacy_version": "A",
"number": "2",
"summary": "ICSA-22-102-04 Mitsubishi Electric GT25-WLAN (Update A)"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 01.39.000",
"product": {
"name": "GT25-WLAN: Version 01.39.000 and earlier",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "GT25-WLAN"
}
],
"category": "vendor",
"name": "Mitsubishi Electric"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-24586",
"cwe": {
"id": "CWE-212",
"name": "Improper Removal of Sensitive Information Before Storage or Transfer"
},
"notes": [
{
"category": "summary",
"text": "The affected product is vulnerable to a fragment cache attack as it does not clear fragments from memory when (re)connecting. This may allow an attacker to steal communication contents or inject unauthorized packets. CVE-2020-24586 has been assigned to this vulnerability. A CVSS v3 base score of 3.5 has been assigned; the CVSS vector string is (AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24586"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "For users who use the affected products and versions, please update to the fixed versions",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Check the versions in use by referencing GOT2000 Series User\u0027s Manual (Utility) (SH-081195ENG), 6.9 Package Data Management - \u201cProperty operation.\u201d",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "The latest version of the manual is available from Mitsubishi Electric FA Global Website.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/fa"
},
{
"category": "mitigation",
"details": "Install system applications (extended function) \u201cWireless LAN\u201d v01.45.000 or later.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Fixed system applications (extended function) \u201cWireless LAN\u201d is included in GT Designer3 Version 1 (GOT2000) v1.275M or later.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Download and install the fixed version of MELSOFT GT Designer3 (GOT2000). Please contact a Mitsubishi Electric representative about MELSOFT GT Designer3 (GOT2000).",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/fa/support/index.html"
},
{
"category": "mitigation",
"details": "Start the MELSOFT GT Designer3 (GOT2000) and open the project data used in affected products.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Select [Write to GOT] from [Communication] menu to write the required package data to the GOT. Please refer to \u201c4. COMMUNICATING WITH GOT\u201d in the GT Designer3 (GOT2000) Screen Design Manual (SH-081220ENG).",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/fa/products/hmi/got/smerit/gt_works3/manual/index.html"
},
{
"category": "mitigation",
"details": "After writing the required package data to the GOT, refer to the \u201cHow to check the versions in use\u201d and check the fixed versions.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "When using the wireless LAN communication unit as an access point, check if the wireless LAN communication unit settings are as follows.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "For the passphrase used for wireless LAN, avoid settings that can be guessed from the consecutive numbers and MAC address, and set an unpredictable passphrase combining letters and numbers.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Use WPA or WPA2 as the security authentication method for wireless LAN.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Use the IP filter function*1 to restrict the accessible IP addresses. *1- Refer to GT Designer3 (GOT2000) Screen Design Manual (SH-081220ENG) \u201c5.4.3 Setting the IP filter\u201d",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/fa/products/hmi/got/smerit/gt_works3/manual/index.html"
},
{
"category": "mitigation",
"details": "When using the wireless LAN communication unit as a station, check if the router settings are as follows: For the passphrase used for wireless LAN, avoid settings that can be guessed from the consecutive numbers and MAC address, and set an unpredictable passphrase combining letters and numbers. Use WPA or WPA2 as the security authentication method for wireless LAN.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "If you change the router settings, hide its presence on the Internet to make it difficult for unauthorized access. (e.g., set to not respond to PING requests).",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Set password for the router\u0027s Management portal, which is difficult to be identified.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Check the following when using a computer or tablet, etc., on the same network.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Update Antivirus software to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Do not open or access suspicious attachment file or linked URL.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2020-24587",
"cwe": {
"id": "CWE-326",
"name": "Inadequate Encryption Strength"
},
"notes": [
{
"category": "summary",
"text": "The affected product is vulnerable to a mixed key attack as it reassembles fragments encrypted under different keys. This may allow an attacker to steal communication contents. CVE-2020-24587 has been assigned to this vulnerability. A CVSS v3 base score of 2.6 has been assigned; the CVSS vector string is (AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24587"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "For users who use the affected products and versions, please update to the fixed versions",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Check the versions in use by referencing GOT2000 Series User\u0027s Manual (Utility) (SH-081195ENG), 6.9 Package Data Management - \u201cProperty operation.\u201d",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "The latest version of the manual is available from Mitsubishi Electric FA Global Website.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/fa"
},
{
"category": "mitigation",
"details": "Install system applications (extended function) \u201cWireless LAN\u201d v01.45.000 or later.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Fixed system applications (extended function) \u201cWireless LAN\u201d is included in GT Designer3 Version 1 (GOT2000) v1.275M or later.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Download and install the fixed version of MELSOFT GT Designer3 (GOT2000). Please contact a Mitsubishi Electric representative about MELSOFT GT Designer3 (GOT2000).",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/fa/support/index.html"
},
{
"category": "mitigation",
"details": "Start the MELSOFT GT Designer3 (GOT2000) and open the project data used in affected products.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Select [Write to GOT] from [Communication] menu to write the required package data to the GOT. Please refer to \u201c4. COMMUNICATING WITH GOT\u201d in the GT Designer3 (GOT2000) Screen Design Manual (SH-081220ENG).",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/fa/products/hmi/got/smerit/gt_works3/manual/index.html"
},
{
"category": "mitigation",
"details": "After writing the required package data to the GOT, refer to the \u201cHow to check the versions in use\u201d and check the fixed versions.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "When using the wireless LAN communication unit as an access point, check if the wireless LAN communication unit settings are as follows.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "For the passphrase used for wireless LAN, avoid settings that can be guessed from the consecutive numbers and MAC address, and set an unpredictable passphrase combining letters and numbers.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Use WPA or WPA2 as the security authentication method for wireless LAN.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Use the IP filter function*1 to restrict the accessible IP addresses. *1- Refer to GT Designer3 (GOT2000) Screen Design Manual (SH-081220ENG) \u201c5.4.3 Setting the IP filter\u201d",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/fa/products/hmi/got/smerit/gt_works3/manual/index.html"
},
{
"category": "mitigation",
"details": "When using the wireless LAN communication unit as a station, check if the router settings are as follows: For the passphrase used for wireless LAN, avoid settings that can be guessed from the consecutive numbers and MAC address, and set an unpredictable passphrase combining letters and numbers. Use WPA or WPA2 as the security authentication method for wireless LAN.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "If you change the router settings, hide its presence on the Internet to make it difficult for unauthorized access. (e.g., set to not respond to PING requests).",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Set password for the router\u0027s Management portal, which is difficult to be identified.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Check the following when using a computer or tablet, etc., on the same network.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Update Antivirus software to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Do not open or access suspicious attachment file or linked URL.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2020-24588",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"notes": [
{
"category": "summary",
"text": "The affected product is vulnerable to an aggregation attack as it accepts non-SPP A-MSDU frames. This may allow an attacker to inject unauthorized packets. CVE-2020-24588 has been assigned to this vulnerability. A CVSS v3 base score of 3.5 has been assigned; the CVSS vector string is (AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24588"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "For users who use the affected products and versions, please update to the fixed versions",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Check the versions in use by referencing GOT2000 Series User\u0027s Manual (Utility) (SH-081195ENG), 6.9 Package Data Management - \u201cProperty operation.\u201d",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "The latest version of the manual is available from Mitsubishi Electric FA Global Website.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/fa"
},
{
"category": "mitigation",
"details": "Install system applications (extended function) \u201cWireless LAN\u201d v01.45.000 or later.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Fixed system applications (extended function) \u201cWireless LAN\u201d is included in GT Designer3 Version 1 (GOT2000) v1.275M or later.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Download and install the fixed version of MELSOFT GT Designer3 (GOT2000). Please contact a Mitsubishi Electric representative about MELSOFT GT Designer3 (GOT2000).",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/fa/support/index.html"
},
{
"category": "mitigation",
"details": "Start the MELSOFT GT Designer3 (GOT2000) and open the project data used in affected products.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Select [Write to GOT] from [Communication] menu to write the required package data to the GOT. Please refer to \u201c4. COMMUNICATING WITH GOT\u201d in the GT Designer3 (GOT2000) Screen Design Manual (SH-081220ENG).",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/fa/products/hmi/got/smerit/gt_works3/manual/index.html"
},
{
"category": "mitigation",
"details": "After writing the required package data to the GOT, refer to the \u201cHow to check the versions in use\u201d and check the fixed versions.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "When using the wireless LAN communication unit as an access point, check if the wireless LAN communication unit settings are as follows.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "For the passphrase used for wireless LAN, avoid settings that can be guessed from the consecutive numbers and MAC address, and set an unpredictable passphrase combining letters and numbers.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Use WPA or WPA2 as the security authentication method for wireless LAN.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Use the IP filter function*1 to restrict the accessible IP addresses. *1- Refer to GT Designer3 (GOT2000) Screen Design Manual (SH-081220ENG) \u201c5.4.3 Setting the IP filter\u201d",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/fa/products/hmi/got/smerit/gt_works3/manual/index.html"
},
{
"category": "mitigation",
"details": "When using the wireless LAN communication unit as a station, check if the router settings are as follows: For the passphrase used for wireless LAN, avoid settings that can be guessed from the consecutive numbers and MAC address, and set an unpredictable passphrase combining letters and numbers. Use WPA or WPA2 as the security authentication method for wireless LAN.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "If you change the router settings, hide its presence on the Internet to make it difficult for unauthorized access. (e.g., set to not respond to PING requests).",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Set password for the router\u0027s Management portal, which is difficult to be identified.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Check the following when using a computer or tablet, etc., on the same network.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Update Antivirus software to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Do not open or access suspicious attachment file or linked URL.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2020-26140",
"cwe": {
"id": "CWE-74",
"name": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "The affected product can accept plaintext data frames in a protected network. This may allow an attacker to inject unauthorized packets. CVE-2020-26140 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been assigned; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26140"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "For users who use the affected products and versions, please update to the fixed versions",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Check the versions in use by referencing GOT2000 Series User\u0027s Manual (Utility) (SH-081195ENG), 6.9 Package Data Management - \u201cProperty operation.\u201d",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "The latest version of the manual is available from Mitsubishi Electric FA Global Website.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/fa"
},
{
"category": "mitigation",
"details": "Install system applications (extended function) \u201cWireless LAN\u201d v01.45.000 or later.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Fixed system applications (extended function) \u201cWireless LAN\u201d is included in GT Designer3 Version 1 (GOT2000) v1.275M or later.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Download and install the fixed version of MELSOFT GT Designer3 (GOT2000). Please contact a Mitsubishi Electric representative about MELSOFT GT Designer3 (GOT2000).",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/fa/support/index.html"
},
{
"category": "mitigation",
"details": "Start the MELSOFT GT Designer3 (GOT2000) and open the project data used in affected products.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Select [Write to GOT] from [Communication] menu to write the required package data to the GOT. Please refer to \u201c4. COMMUNICATING WITH GOT\u201d in the GT Designer3 (GOT2000) Screen Design Manual (SH-081220ENG).",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/fa/products/hmi/got/smerit/gt_works3/manual/index.html"
},
{
"category": "mitigation",
"details": "After writing the required package data to the GOT, refer to the \u201cHow to check the versions in use\u201d and check the fixed versions.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "When using the wireless LAN communication unit as an access point, check if the wireless LAN communication unit settings are as follows.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "For the passphrase used for wireless LAN, avoid settings that can be guessed from the consecutive numbers and MAC address, and set an unpredictable passphrase combining letters and numbers.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Use WPA or WPA2 as the security authentication method for wireless LAN.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Use the IP filter function*1 to restrict the accessible IP addresses. *1- Refer to GT Designer3 (GOT2000) Screen Design Manual (SH-081220ENG) \u201c5.4.3 Setting the IP filter\u201d",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/fa/products/hmi/got/smerit/gt_works3/manual/index.html"
},
{
"category": "mitigation",
"details": "When using the wireless LAN communication unit as a station, check if the router settings are as follows: For the passphrase used for wireless LAN, avoid settings that can be guessed from the consecutive numbers and MAC address, and set an unpredictable passphrase combining letters and numbers. Use WPA or WPA2 as the security authentication method for wireless LAN.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "If you change the router settings, hide its presence on the Internet to make it difficult for unauthorized access. (e.g., set to not respond to PING requests).",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Set password for the router\u0027s Management portal, which is difficult to be identified.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Check the following when using a computer or tablet, etc., on the same network.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Update Antivirus software to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Do not open or access suspicious attachment file or linked URL.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2020-26143",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The affected product is vulnerable to accepting fragmented plaintext data frames in a protected network. This may allow an attacker to inject unauthorized packets. CVE-2020-26143 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been assigned; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26143"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "For users who use the affected products and versions, please update to the fixed versions",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Check the versions in use by referencing GOT2000 Series User\u0027s Manual (Utility) (SH-081195ENG), 6.9 Package Data Management - \u201cProperty operation.\u201d",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "The latest version of the manual is available from Mitsubishi Electric FA Global Website.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/fa"
},
{
"category": "mitigation",
"details": "Install system applications (extended function) \u201cWireless LAN\u201d v01.45.000 or later.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Fixed system applications (extended function) \u201cWireless LAN\u201d is included in GT Designer3 Version 1 (GOT2000) v1.275M or later.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Download and install the fixed version of MELSOFT GT Designer3 (GOT2000). Please contact a Mitsubishi Electric representative about MELSOFT GT Designer3 (GOT2000).",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/fa/support/index.html"
},
{
"category": "mitigation",
"details": "Start the MELSOFT GT Designer3 (GOT2000) and open the project data used in affected products.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Select [Write to GOT] from [Communication] menu to write the required package data to the GOT. Please refer to \u201c4. COMMUNICATING WITH GOT\u201d in the GT Designer3 (GOT2000) Screen Design Manual (SH-081220ENG).",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/fa/products/hmi/got/smerit/gt_works3/manual/index.html"
},
{
"category": "mitigation",
"details": "After writing the required package data to the GOT, refer to the \u201cHow to check the versions in use\u201d and check the fixed versions.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "When using the wireless LAN communication unit as an access point, check if the wireless LAN communication unit settings are as follows.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "For the passphrase used for wireless LAN, avoid settings that can be guessed from the consecutive numbers and MAC address, and set an unpredictable passphrase combining letters and numbers.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Use WPA or WPA2 as the security authentication method for wireless LAN.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Use the IP filter function*1 to restrict the accessible IP addresses. *1- Refer to GT Designer3 (GOT2000) Screen Design Manual (SH-081220ENG) \u201c5.4.3 Setting the IP filter\u201d",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/fa/products/hmi/got/smerit/gt_works3/manual/index.html"
},
{
"category": "mitigation",
"details": "When using the wireless LAN communication unit as a station, check if the router settings are as follows: For the passphrase used for wireless LAN, avoid settings that can be guessed from the consecutive numbers and MAC address, and set an unpredictable passphrase combining letters and numbers. Use WPA or WPA2 as the security authentication method for wireless LAN.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "If you change the router settings, hide its presence on the Internet to make it difficult for unauthorized access. (e.g., set to not respond to PING requests).",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Set password for the router\u0027s Management portal, which is difficult to be identified.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Check the following when using a computer or tablet, etc., on the same network.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Update Antivirus software to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Do not open or access suspicious attachment file or linked URL.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2020-26144",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The affected product can accept plaintext A-MSDU frames that start with an RFC1042 header with EtherType EAPOL in an encrypted network. This may allow an attacker to inject unauthorized packets. CVE-2020-26144 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been assigned; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26144"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "For users who use the affected products and versions, please update to the fixed versions",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Check the versions in use by referencing GOT2000 Series User\u0027s Manual (Utility) (SH-081195ENG), 6.9 Package Data Management - \u201cProperty operation.\u201d",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "The latest version of the manual is available from Mitsubishi Electric FA Global Website.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/fa"
},
{
"category": "mitigation",
"details": "Install system applications (extended function) \u201cWireless LAN\u201d v01.45.000 or later.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Fixed system applications (extended function) \u201cWireless LAN\u201d is included in GT Designer3 Version 1 (GOT2000) v1.275M or later.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Download and install the fixed version of MELSOFT GT Designer3 (GOT2000). Please contact a Mitsubishi Electric representative about MELSOFT GT Designer3 (GOT2000).",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/fa/support/index.html"
},
{
"category": "mitigation",
"details": "Start the MELSOFT GT Designer3 (GOT2000) and open the project data used in affected products.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Select [Write to GOT] from [Communication] menu to write the required package data to the GOT. Please refer to \u201c4. COMMUNICATING WITH GOT\u201d in the GT Designer3 (GOT2000) Screen Design Manual (SH-081220ENG).",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/fa/products/hmi/got/smerit/gt_works3/manual/index.html"
},
{
"category": "mitigation",
"details": "After writing the required package data to the GOT, refer to the \u201cHow to check the versions in use\u201d and check the fixed versions.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "When using the wireless LAN communication unit as an access point, check if the wireless LAN communication unit settings are as follows.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "For the passphrase used for wireless LAN, avoid settings that can be guessed from the consecutive numbers and MAC address, and set an unpredictable passphrase combining letters and numbers.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Use WPA or WPA2 as the security authentication method for wireless LAN.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Use the IP filter function*1 to restrict the accessible IP addresses. *1- Refer to GT Designer3 (GOT2000) Screen Design Manual (SH-081220ENG) \u201c5.4.3 Setting the IP filter\u201d",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/fa/products/hmi/got/smerit/gt_works3/manual/index.html"
},
{
"category": "mitigation",
"details": "When using the wireless LAN communication unit as a station, check if the router settings are as follows: For the passphrase used for wireless LAN, avoid settings that can be guessed from the consecutive numbers and MAC address, and set an unpredictable passphrase combining letters and numbers. Use WPA or WPA2 as the security authentication method for wireless LAN.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "If you change the router settings, hide its presence on the Internet to make it difficult for unauthorized access. (e.g., set to not respond to PING requests).",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Set password for the router\u0027s Management portal, which is difficult to be identified.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Check the following when using a computer or tablet, etc., on the same network.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Update Antivirus software to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Do not open or access suspicious attachment file or linked URL.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2020-26146",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The affected product can reassemble encrypted fragments with non-consecutive packet numbers. This may allow an attacker to steal communication contents. CVE-2020-26146 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been assigned; the CVSS vector string is (AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26146"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "For users who use the affected products and versions, please update to the fixed versions",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Check the versions in use by referencing GOT2000 Series User\u0027s Manual (Utility) (SH-081195ENG), 6.9 Package Data Management - \u201cProperty operation.\u201d",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "The latest version of the manual is available from Mitsubishi Electric FA Global Website.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/fa"
},
{
"category": "mitigation",
"details": "Install system applications (extended function) \u201cWireless LAN\u201d v01.45.000 or later.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Fixed system applications (extended function) \u201cWireless LAN\u201d is included in GT Designer3 Version 1 (GOT2000) v1.275M or later.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "This does not include countermeasures for CVE-2020-26146",
"product_ids": [
"CSAFPID-0001"
],
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26146"
},
{
"category": "mitigation",
"details": "Download and install the fixed version of MELSOFT GT Designer3 (GOT2000). Please contact a Mitsubishi Electric representative about MELSOFT GT Designer3 (GOT2000).",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/fa/support/index.html"
},
{
"category": "mitigation",
"details": "Start the MELSOFT GT Designer3 (GOT2000) and open the project data used in affected products.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Select [Write to GOT] from [Communication] menu to write the required package data to the GOT. Please refer to \u201c4. COMMUNICATING WITH GOT\u201d in the GT Designer3 (GOT2000) Screen Design Manual (SH-081220ENG).",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/fa/products/hmi/got/smerit/gt_works3/manual/index.html"
},
{
"category": "mitigation",
"details": "After writing the required package data to the GOT, refer to the \u201cHow to check the versions in use\u201d and check the fixed versions.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "When using the wireless LAN communication unit as an access point, check if the wireless LAN communication unit settings are as follows.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "For the passphrase used for wireless LAN, avoid settings that can be guessed from the consecutive numbers and MAC address, and set an unpredictable passphrase combining letters and numbers.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Use WPA or WPA2 as the security authentication method for wireless LAN.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Use the IP filter function*1 to restrict the accessible IP addresses. *1- Refer to GT Designer3 (GOT2000) Screen Design Manual (SH-081220ENG) \u201c5.4.3 Setting the IP filter\u201d",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.mitsubishielectric.com/fa/products/hmi/got/smerit/gt_works3/manual/index.html"
},
{
"category": "mitigation",
"details": "When using the wireless LAN communication unit as a station, check if the router settings are as follows: For the passphrase used for wireless LAN, avoid settings that can be guessed from the consecutive numbers and MAC address, and set an unpredictable passphrase combining letters and numbers. Use WPA or WPA2 as the security authentication method for wireless LAN.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "If you change the router settings, hide its presence on the Internet to make it difficult for unauthorized access. (e.g., set to not respond to PING requests).",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Set password for the router\u0027s Management portal, which is difficult to be identified.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Check the following when using a computer or tablet, etc., on the same network.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Update Antivirus software to the latest version.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Do not open or access suspicious attachment file or linked URL.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…