PT-2022-6308 · Mitsubishi · Got2000 Series Gt25+2

Published: 2022-09-08 · Updated: 2023-02-09 · CVE-2022-40269

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Mitsubishi Electric Corporation GOT2000 Series GT27 versions 01.14.000 through 01.47.000
Mitsubishi Electric Corporation GOT2000 Series GT25 versions 01.14.000 through 01.47.000
Mitsubishi Electric Corporation GT SoftGOT2000 versions 1.265B through 1.285X

Description

The issue is related to an authentication bypass by spoofing in the Mitsubishi Electric GOT2000 series and GT SoftGOT2000 platform. This allows a remote attacker to gain unauthorized access to protected information by abusing inappropriate HTML attributes, potentially disclosing sensitive information from users' browsers or spoofing legitimate users.

Recommendations

For Mitsubishi Electric Corporation GOT2000 Series GT27 versions 01.14.000 through 01.47.000, update to a version outside of this range to mitigate the risk.
For Mitsubishi Electric Corporation GOT2000 Series GT25 versions 01.14.000 through 01.47.000, update to a version outside of this range to mitigate the risk.
For Mitsubishi Electric Corporation GT SoftGOT2000 versions 1.265B through 1.285X, update to a version outside of this range to mitigate the risk.
As a temporary workaround, consider restricting access to sensitive information and implementing additional security measures to minimize the risk of exploitation.

Fix

Authentication Bypass by Spoofing

Weakness Enumeration

Related Identifiers

BDU:2023-00803
CVE-2022-40269

Affected Products

Got2000 Series Gt25
Got2000 Series Gt27
Gt Softgot2000