Weak Encoding for Password vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.49.000 and prior, GT25 model versions 01.49.000 and prior, GT23 model versions 01.49.000 and prior, GT21 model versions 01.49.000 and prior, GOT SIMPLE Series GS25 model versions 01.49.000 and prior, GS21 model versions 01.49.000 and prior, GT Designer3 Version1 (GOT2000) versions 1.295H and prior and GT SoftGOT2000 versions 1.295H and prior allows a remote unauthenticated attacker to obtain plaintext passwords by sniffing packets containing encrypted passwords and decrypting the encrypted passwords, in the case of transferring data with GT Designer3 Version1(GOT2000) and GOT2000 Series or GOT SIMPLE Series with the Data Transfer Security function enabled, or in the case of transferring data by the SoftGOT-GOT link function with GT SoftGOT2000 and GOT2000 series with the Data Transfer Security function enabled.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(501602);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/06");
script_cve_id("CVE-2023-0525");
script_name(english:"Mitsubishi Electric GT and GOT Series Products (CVE-2023-0525)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"Weak Encoding for Password vulnerability in Mitsubishi Electric
Corporation GOT2000 Series GT27 model versions 01.49.000 and prior,
GT25 model versions 01.49.000 and prior, GT23 model versions 01.49.000
and prior, GT21 model versions 01.49.000 and prior, GOT SIMPLE Series
GS25 model versions 01.49.000 and prior, GS21 model versions 01.49.000
and prior, GT Designer3 Version1 (GOT2000) versions 1.295H and prior
and GT SoftGOT2000 versions 1.295H and prior allows a remote
unauthenticated attacker to obtain plaintext passwords by sniffing
packets containing encrypted passwords and decrypting the encrypted
passwords, in the case of transferring data with GT Designer3
Version1(GOT2000) and GOT2000 Series or GOT SIMPLE Series with the
Data Transfer Security function enabled, or in the case of
transferring data by the SoftGOT-GOT link function with GT SoftGOT2000
and GOT2000 series with the Data Transfer Security function enabled.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-23-215-02");
# https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-008_en.pdf
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a1ed9f51");
script_set_attribute(attribute:"see_also", value:"https://jvn.jp/vu/JVNVU95285923/index.html");
script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.
Mitsubishi Electric recommends updating to the following mitigated version to minimize the risk of exploiting this
vulnerability:
- âGT Designer3 Version1 (GOT2000): Update to v1.300N or later
- âGT SoftGOT2000: Update to v1.300N or later
- âGOT2000 (Models GT21, GT23, GT25, GT27): Update to v01.50.000 or later
- âGOT SIMPLE (Models GS25, GS21): Update to v01.50.000 or later
âMitsubishi Electric recommends taking applying the following mitigations to minimize the risk of exploiting this
vulnerability:
- âEncrypt communication paths to the affected product with a VPN or other means.
- âWhen internet access is required, use a virtual private network (VPN) or other means to prevent unauthorized access.
- âUse the affected products within a LAN and block access from untrusted networks and hosts.
- âPrevent physical access to the network to which the product is connected.
- âInstall antivirus software on your personal computer that can access the affected product.
- âUse the IP filter function to restrict the accessible IP addresses.
- âFor details on the IP filter function, please refer to GT Designer3 (GOT2000) Screen Design Manual
(SH-081220ENG), â5.4.3 Setting the IP filter.â
âFor update instructions and additional information, refer to Mitsubishi Electricâs security bulletin.
â");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-0525");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(326);
script_set_attribute(attribute:"vuln_publication_date", value:"2023/08/04");
script_set_attribute(attribute:"patch_publication_date", value:"2023/08/04");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/08/10");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:gs21_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:gs25_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:gt21_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:gt23_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:gt25_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:gt27_firmware");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Mitsubishi");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Mitsubishi');
var asset = tenable_ot::assets::get(vendor:'Mitsubishi');
var vuln_cpes = {
"cpe:/o:mitsubishielectric:gt27_firmware" :
{"versionEndExcluding" : "01.50.000", "family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:gt25_firmware" :
{"versionEndExcluding" : "01.50.000", "family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:gt23_firmware" :
{"versionEndExcluding" : "01.50.000", "family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:gt21_firmware" :
{"versionEndExcluding" : "01.50.000", "family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:gs25_firmware" :
{"versionEndExcluding" : "01.50.000", "family" : "Mitsubishi"},
"cpe:/o:mitsubishielectric:gs21_firmware" :
{"versionEndExcluding" : "01.50.000", "family" : "Mitsubishi"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);
Vendor | Product | Version | CPE |
---|---|---|---|
mitsubishielectric | gs21_firmware | cpe:/o:mitsubishielectric:gs21_firmware | |
mitsubishielectric | gs25_firmware | cpe:/o:mitsubishielectric:gs25_firmware | |
mitsubishielectric | gt21_firmware | cpe:/o:mitsubishielectric:gt21_firmware | |
mitsubishielectric | gt23_firmware | cpe:/o:mitsubishielectric:gt23_firmware | |
mitsubishielectric | gt25_firmware | cpe:/o:mitsubishielectric:gt25_firmware | |
mitsubishielectric | gt27_firmware | cpe:/o:mitsubishielectric:gt27_firmware |