Lucene search
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_MITSUBISHI_CVE-2020-5675.NASLHistoryFeb 07, 2022 - 12:00 a.m.
Mitsubishi Electric GOT and Tension Controller (CVE-2020-5675)
2022-02-0700:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
10
0.004 Low
EPSS
Percentile
73.0%
Out-of-bounds read issue in GT21 model of GOT2000 series (GT2107-WTBD all versions, GT2107-WTSD all versions, GT2104-RTBD all versions, GT2104-PMBD all versions, and GT2103-PMBD all versions), GS21 model of GOT series (GS2110-WTBD all versions and GS2107-WTBD all versions), and Tension Controller LE7-40GU-L all versions allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted packet. As a result, deterioration of communication performance or a denial-of-service (DoS) condition of the TCP communication functions of the products may occur.
This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(500531);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/13");
script_cve_id("CVE-2020-5675");
script_name(english:"Mitsubishi Electric GOT and Tension Controller (CVE-2020-5675)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"Out-of-bounds read issue in GT21 model of GOT2000 series (GT2107-WTBD all versions, GT2107-WTSD all versions,
GT2104-RTBD all versions, GT2104-PMBD all versions, and GT2103-PMBD all versions), GS21 model of GOT series (GS2110-WTBD
all versions and GS2107-WTBD all versions), and Tension Controller LE7-40GU-L all versions allows a remote attacker to
cause a denial-of-service (DoS) condition by sending a specially crafted packet. As a result, deterioration of
communication performance or a denial-of-service (DoS) condition of the TCP communication functions of the products may
occur.
This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more
information.");
# https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2020-017.pdf
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f8a8e384");
# https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-017_en.pdf
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ab9fe94c");
script_set_attribute(attribute:"see_also", value:"https://jvn.jp/vu/JVNVU99277775/index.html");
script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-20-343-02");
script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.
Mitsubishi Electric has fixed the basic system application for GOT2000 series GT21 model or GOT SIMPLE series GS21
model, which is shipped with GT Designer3 (2000) versions 1.255R or later.
To apply version v01.40.000 or later to GOT2000 series GT21 model or GOT SIMPLE series GS21 model, use the following
update procedure:
- Download the fixed version of MELSOFT GT Designer3(2000) and install into the PC. Please contact a Mitsubishi Electric
representative about MELSOFT GT Designer3(2000).
- Start the MELSOFT GT Designer3 (GOT2000) and open the project data used in affected products.
- Select Write to GOT from Communication menu to write the required package data to the GOT.
- Please refer to the GT Designer3 (GOT2000) Screen Design Manual.
- After writing the required package data to the GOT, refer to the publication from Mitsubishi Electric to learn how to
confirm if using the updated version.
Mitsubishi Electric has provided the following procedure to update the tension controller to Version 1.01 or later:
- Contact a Mitsubishi Electric representative for the fixed version of the screen package data.
- Install the engineering tool (âData Transfer Toolâ or âGT Designer 3 (GOT2000)â) in your PC. Contact a Mitsubishi
Electric representative for the latest engineering tool.
- Connect LE7-40GU-L and your PC with a USB cable.
- Write the screen package data to LE7-40GU-L using the âGOT writeâ function of the engineering tool.
- After writing is completed, restart LE7-40GU-L.
- Refer to the publication from Mitsubishi Electric to learn how to confirm if using the updated version.
Until the update can be applied, Mitsubishi Electric asks that users restrict access to the product only from trusted
networks and hosts.
Please refer to the Mitsubishi Electric website for details.
Additional information about the vulnerability or Mitsubishi Electric recommendations is available by contacting a
Mitsubishi Electric representative.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-5675");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(125);
script_set_attribute(attribute:"vuln_publication_date", value:"2020/12/04");
script_set_attribute(attribute:"patch_publication_date", value:"2020/12/04");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/02/07");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:gt2107-wtbd_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:gt2107-wtsd_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:gt2104-rtbd_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:gt2104-pmbd_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:gt2103-pmbd_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:gs2110-wtbd_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:gs2107-wtbd_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:le7-40gu-l_firmware");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Mitsubishi");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Mitsubishi');
var asset = tenable_ot::assets::get(vendor:'Mitsubishi');
var vuln_cpes = {
"cpe:/o:mitsubishielectric:gt2107-wtbd_firmware" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:gt2107-wtsd_firmware" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:gt2104-rtbd_firmware" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:gt2104-pmbd_firmware" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:gt2103-pmbd_firmware" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:gs2110-wtbd_firmware" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:gs2107-wtbd_firmware" :
{"family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:le7-40gu-l_firmware" :
{"family" : "Mitsubishi"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mitsubishielectric | gt2107-wtbd_firmware | cpe:/o:mitsubishielectric:gt2107-wtbd_firmware | |
| mitsubishielectric | gt2107-wtsd_firmware | cpe:/o:mitsubishielectric:gt2107-wtsd_firmware | |
| mitsubishielectric | gt2104-rtbd_firmware | cpe:/o:mitsubishielectric:gt2104-rtbd_firmware | |
| mitsubishielectric | gt2104-pmbd_firmware | cpe:/o:mitsubishielectric:gt2104-pmbd_firmware | |
| mitsubishielectric | gt2103-pmbd_firmware | cpe:/o:mitsubishielectric:gt2103-pmbd_firmware | |
| mitsubishielectric | gs2110-wtbd_firmware | cpe:/o:mitsubishielectric:gs2110-wtbd_firmware | |
| mitsubishielectric | gs2107-wtbd_firmware | cpe:/o:mitsubishielectric:gs2107-wtbd_firmware | |
| mitsubishielectric | le7-40gu-l_firmware | cpe:/o:mitsubishielectric:le7-40gu-l_firmware |
Related
nvd
nvd
CVE-2020-5675
2020-12-04 08:15:11
prion
prion
Design/Logic Flaw
2020-12-04 08:15:00
cvelist
cvelist
CVE-2020-5675
2020-12-04 07:10:19
cve
cve
CVE-2020-5675
2020-12-04 08:15:11
ics
ics
Mitsubishi Electric GOT and Tension Controller (Update B)
2022-01-20 12:00:00