Predictable Exact Value from Previous Values vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT21 model versions 01.49.000 and prior and GOT SIMPLE Series GS21 model versions 01.49.000 and prior allows a remote unauthenticated attacker to hijack data connections (session hijacking) or prevent legitimate users from establishing data connections (to cause DoS condition) by guessing the listening port of the data connection on FTP server and connecting to it.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
  script_id(501601);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/06");
  script_cve_id("CVE-2023-3373");
  script_name(english:"Mitsubishi Electric GOT2000 and GOT SIMPLE (CVE-2023-3373)");
  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"Predictable Exact Value from Previous Values vulnerability in
Mitsubishi Electric Corporation GOT2000 Series GT21 model versions
01.49.000 and prior and GOT SIMPLE Series GS21 model versions
01.49.000 and prior allows a remote unauthenticated attacker to hijack
data connections (session hijacking) or prevent legitimate users from
establishing data connections (to cause DoS condition) by guessing the
listening port of the data connection on FTP server and connecting to
it.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-23-215-01");
  # https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-006_en.pdf
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3764f2aa");
  script_set_attribute(attribute:"see_also", value:"https://jvn.jp/vu/JVNVU92167394/index.html");
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.
Mitsubishi Electric has created the following versions to fix this issue:
- GOT2000 Series, GT21 model version 01.50.000 or later
- GOT SIMPLE, GS21 model version 01.50.000 or later
Mitsubishi Electric recommends the following steps to update:
- Please contact your local Mitsubishi Electric representative to download the fixed version of GT Designer3 Version1
(GOT2000) and install on a personal computer.
- Start the GT Designer3 Version1 (GOT2000) and open the project data used in affected products.
- Select [Write to GOT] from [Communication] menu to write the required package data to the GOT. Please refer to the
GT Designer3 Version1 (GOT2000) Screen Design Manual (SH-081220ENG). “4. COMMUNICATING WITH GOT”
- After writing the required package data to the GOT, refer to the <How to check the versions in use> and check that
the software has been updated to the fixed versions.
The fixed versions are shipped with GT Designer3 Version1(GOT2000) Ver. 1.300 N or later.
Mitsubishi Electric recommends that customers take the following mitigations or workarounds to minimize the risk of
exploiting this vulnerability:
- Restrict physical access to the product and the LAN to which it is connected.
- When Internet access is required, use a virtual private network (VPN) or other means to prevent unauthorized access.
- Use the products within a LAN and block access from untrusted networks and hosts.
- Install antivirus software on your computer that can access the affected product.
- Use the IP filter function to restrict the accessible IP addresses.
- GT Designer3 (GOT2000) Screen Design Manual (SH-081220ENG). “5.4.3 Setting the IP filter”
- Review whether the FTP server function is required or not, and if not, disable the FTP server function.
Users should refer to Mitsubishi Electric's security advisory for further information.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-3373");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(330);
  script_set_attribute(attribute:"vuln_publication_date", value:"2023/08/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/08/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/08/10");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:gs21_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mitsubishielectric:gt21_firmware");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();
  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");
  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Mitsubishi");
  exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Mitsubishi');
var asset = tenable_ot::assets::get(vendor:'Mitsubishi');
var vuln_cpes = {
  "cpe:/o:mitsubishielectric:gt21_firmware" :
    {"versionEndExcluding" : "01.50.000", "family" : "Mitsubishi"},
  "cpe:/o:mitsubishielectric:gs21_firmware" :
    {"versionEndExcluding" : "01.50.000", "family" : "Mitsubishi"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);
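For triaging an asset inventory outside Tenable.ot, the Python sketch below applies the same two CPE ranges (`versionEndExcluding` 01.50.000) to firmware version strings. It is an added example, not Tenable's code, and does not reproduce `tenable_ot::cve::compare_and_report`; the names `assess`, `triage` and `INVENTORY`, the status strings and the sample records are assumptions constructed for illustration.

```python
# Added example: apply the plugin's CPE version ranges to a constructed inventory.
VULN_CPES = {
    "cpe:/o:mitsubishielectric:gt21_firmware": "01.50.000",  # versionEndExcluding
    "cpe:/o:mitsubishielectric:gs21_firmware": "01.50.000",  # versionEndExcluding
}

def parse_version(text):
    """Turn '01.49.000' into (1, 49, 0); return None if a field is not numeric."""
    parts = text.strip().split(".")
    if not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def assess(cpe, version):
    """Return 'affected', 'fixed', 'unknown-version' or 'not-applicable'."""
    end_excluding = VULN_CPES.get(cpe)
    if end_excluding is None:
        return "not-applicable"
    found = parse_version(version or "")
    if found is None:
        # Never report an asset as fixed when its version could not be read.
        return "unknown-version"
    limit = parse_version(end_excluding)
    width = max(len(found), len(limit))
    found += (0,) * (width - len(found))
    limit += (0,) * (width - len(limit))
    # Numeric field-by-field comparison: a plain string compare would rank
    # '01.9.000' above '01.50.000' and miss an affected device.
    return "affected" if found < limit else "fixed"

# Constructed sample records: (asset name, CPE, reported firmware version).
INVENTORY = [
    ("hmi-line1", "cpe:/o:mitsubishielectric:gt21_firmware", "01.49.000"),
    ("hmi-line2", "cpe:/o:mitsubishielectric:gt21_firmware", "01.50.000"),
    ("hmi-pack1", "cpe:/o:mitsubishielectric:gs21_firmware", "01.9.000"),
    ("hmi-pack2", "cpe:/o:mitsubishielectric:gs21_firmware", ""),
    ("plc-main", "cpe:/o:example:other_firmware", "01.10.000"),
]

def triage(inventory):
    """Map each asset name to its status for CVE-2023-3373."""
    return {name: assess(cpe, version) for name, cpe, version in inventory}

if __name__ == "__main__":
    for name, status in triage(INVENTORY).items():
        print(f"{name}: {status}")
```

Assets reported as `unknown-version` need a manual firmware check before they are treated as fixed.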
Vendor | Product | Version | CPE |
---|---|---|---|
mitsubishielectric | gs21_firmware | | cpe:/o:mitsubishielectric:gs21_firmware |
mitsubishielectric | gt21_firmware | | cpe:/o:mitsubishielectric:gt21_firmware |