PT-2023-16331 · Mitsubishi · GOT SIMPLE Series GS25 +7
Hyeokjong Yun +3 · Published 2023-08-03 · Updated 2023-08-10 · CVE-2023-0525
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Mitsubishi Electric Corporation GOT2000 Series GT27 versions 01.49.000 and prior
Mitsubishi Electric Corporation GOT2000 Series GT25 versions 01.49.000 and prior
Mitsubishi Electric Corporation GOT2000 Series GT23 versions 01.49.000 and prior
Mitsubishi Electric Corporation GOT2000 Series GT21 versions 01.49.000 and prior
Mitsubishi Electric Corporation GOT SIMPLE Series GS25 versions 01.49.000 and prior
Mitsubishi Electric Corporation GOT SIMPLE Series GS21 versions 01.49.000 and prior
Mitsubishi Electric Corporation GT Designer3 Version1 (GOT2000) versions 1.295H and prior
Mitsubishi Electric Corporation GT SoftGOT2000 versions 1.295H and prior
Description
The issue allows a remote unauthenticated attacker to obtain plaintext passwords by sniffing packets that contain encrypted passwords and then decrypting them. This can occur when transferring data between GT Designer3 Version1 (GOT2000) and GOT2000 Series or GOT SIMPLE Series with the Data Transfer Security function enabled, or when transferring data through the SoftGOT-GOT link function between GT SoftGOT2000 and GOT2000 Series with the Data Transfer Security function enabled.
Recommendations
For Mitsubishi Electric Corporation GOT2000 Series GT27 versions 01.49.000 and prior, update to a version later than 01.49.000.
For Mitsubishi Electric Corporation GOT2000 Series GT25 versions 01.49.000 and prior, update to a version later than 01.49.000.
For Mitsubishi Electric Corporation GOT2000 Series GT23 versions 01.49.000 and prior, update to a version later than 01.49.000.
For Mitsubishi Electric Corporation GOT2000 Series GT21 versions 01.49.000 and prior, update to a version later than 01.49.000.
For Mitsubishi Electric Corporation GOT SIMPLE Series GS25 versions 01.49.000 and prior, update to a version later than 01.49.000.
For Mitsubishi Electric Corporation GOT SIMPLE Series GS21 versions 01.49.000 and prior, update to a version later than 01.49.000.
For Mitsubishi Electric Corporation GT Designer3 Version1 (GOT2000) versions 1.295H and prior, update to a version later than 1.295H.
For Mitsubishi Electric Corporation GT SoftGOT2000 versions 1.295H and prior, update to a version later than 1.295H.
As a temporary workaround, consider disabling the Data Transfer Security function until a patch is available.
Restrict access to the data transfer functions to minimize the risk of exploitation.
Fix
Inadequate Encryption Strength
Affected Products
GOT SIMPLE Series GS21
GOT SIMPLE Series GS25
GOT2000 Series GT21
GOT2000 Series GT23
GOT2000 Series GT25
GOT2000 Series GT27
GT Designer3 Version1
GT SoftGOT2000