PT-2022-6371 · Mitsubishi · GOT2000 Series GT25 +3

Published: 2022-09-08 · Updated: 2023-02-09 · CVE-2022-40268

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Mitsubishi Electric Corporation GOT2000 Series GT27 versions 01.14.000 through 01.47.000
Mitsubishi Electric Corporation GOT2000 Series GT25 versions 01.14.000 through 01.47.000
Mitsubishi Electric Corporation GT SoftGOT2000 versions 1.265B through 1.285X

Description

The issue is related to the improper restriction of rendered UI layers or frames in the GOT Mobile software for Mitsubishi Electric's GOT2000 series graphic operation terminals, models GT27 and GT25, and the HMI platform GT SoftGOT2000. This can allow a remote attacker to conduct a clickjacking attack using a specially crafted web page, leading legitimate users to perform unintended operations.

Recommendations

For Mitsubishi Electric Corporation GOT2000 Series GT27 versions 01.14.000 through 01.47.000, update to a version outside of this range to mitigate the risk.
For Mitsubishi Electric Corporation GOT2000 Series GT25 versions 01.14.000 through 01.47.000, update to a version outside of this range to mitigate the risk.
For Mitsubishi Electric Corporation GT SoftGOT2000 versions 1.265B through 1.285X, update to a version outside of this range to mitigate the risk.

As a temporary workaround, consider restricting access to the vulnerable UI components until a patch is available.

Fix

Clickjacking

Weakness Enumeration

Related Identifiers

BDU:2023-01064
CVE-2022-40268

Affected Products

GOT Mobile
GOT2000 Series GT25
GOT2000 Series GT27
GT SoftGOT2000