Authentication Bypass by Spoofing vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.14.000 to 01.47.000, Mitsubishi Electric Corporation GOT2000 Series GT25 model versions 01.14.000 to 01.47.000 and Mitsubishi Electric Corporation GT SoftGOT2000 versions 1.265B to 1.285X allows a remote unauthenticated attacker to disclose sensitive information from users’ browsers or spoof legitimate users by abusing inappropriate HTML attributes.
This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(500794);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/06");
script_cve_id("CVE-2022-40269");
script_name(english:"Mitsubishi Electric GOT2000 Series and GT SoftGOT2000 (CVE-2022-40269)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"Authentication Bypass by Spoofing vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions
01.14.000 to 01.47.000, Mitsubishi Electric Corporation GOT2000 Series GT25 model versions 01.14.000 to 01.47.000 and
Mitsubishi Electric Corporation GT SoftGOT2000 versions 1.265B to 1.285X allows a remote unauthenticated attacker to
disclose sensitive information from users' browsers or spoof legitimate users by abusing inappropriate HTML attributes.
- Authentication Bypass by Spoofing vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27
model versions 01.14.000 to 01.47.000, Mitsubishi Electric Corporation GOT2000 Series GT25 model versions
01.14.000 to 01.47.000 and Mitsubishi Electric Corporation GT SoftGOT2000 versions 1.265B to 1.285X allows
a remote unauthenticated attacker to disclose sensitive information from users' browsers or spoof
legitimate users by abusing inappropriate HTML attributes. (CVE-2022-40269)
This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.");
script_set_attribute(attribute:"see_also", value:"https://jvn.jp/vu/JVNVU91222434/index.html");
script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-23-033-02");
# https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-021_en.pdf
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2fa51635");
script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.
Mitsubishi Electric recommends users update to the latest software versions. Mitsubishi Electricâs security advisory
contains step-by-step update instructions:
- GOT2000 Series
- GT27 model: Update to GOT Mobile version 01.48.000 or later.
- GT25 model: Update to GOT Mobile version 01.48.000 or later.
- GT SoftGOT2000: Update to software version 1.290C or later.
Mitsubishi Electric recommends users take the following mitigations to minimize the exploitation risk of these
vulnerabilities:
- When internet access is required, use a firewall, virtual private network (VPN), etc. to prevent unauthorized access.
- Use devices within a local area network (LAN) and block access from untrusted networks and hosts.
- Install antivirus software on hosts running affected software/firmware.
- Use the IP filter function to control access via IP address.
- GT Designer3 (GOT2000) Screen Design Manual (SH-081220ENG). â5.4.3 Setting the IP filterâ
- Disable GOT Mobile Function.
Users should refer to Mitsubishi Electricâs security advisory for further information.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-40269");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(290);
script_set_attribute(attribute:"vuln_publication_date", value:"2023/02/02");
script_set_attribute(attribute:"patch_publication_date", value:"2023/02/02");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/02/10");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:gt25_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:gt27_firmware");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Mitsubishi");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Mitsubishi');
var asset = tenable_ot::assets::get(vendor:'Mitsubishi');
var vuln_cpes = {
"cpe:/o:mitsubishielectric:gt27_firmware" :
{"versionEndExcluding" : "01.48.000", "versionStartIncluding" : "01.14.000", "family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:gt25_firmware" :
{"versionEndExcluding" : "01.48.000", "versionStartIncluding" : "01.14.000", "family" : "Mitsubishi"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);
Vendor | Product | Version | CPE |
---|---|---|---|
mitsubishielectric | gt25_firmware | cpe:/o:mitsubishielectric:gt25_firmware | |
mitsubishielectric | gt27_firmware | cpe:/o:mitsubishielectric:gt27_firmware |