3.3 Low
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:A/AC:L/Au:N/C:N/I:P/A:N
6.5 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.7 High
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
65.1%
This updated advisory is a follow-up to the original advisory titled ICSA-22-102-04 Mitsubishi Electric GT25-WLAN that was published April 12, 2022, on the ICS webpage on cisa.gov/ics.
There are multiple vulnerabilities due to design flaws in the frame fragmentation functionality and the frame aggregation functionality in the Wireless Communication Standards IEEE 802.11. These vulnerabilities could allow an attacker to steal communication contents or inject unauthorized packets.
The following versions of Wireless LAN communication unit GT25-WLAN in GOT2000 Series GT25 or GT27, are affected:
--------- Begin Update A Part 1 of 2 ---------
--------- End Update A Part 1 of 2 ---------
The affected product is vulnerable to a fragment cache attack as it does not clear fragments from memory when (re)connecting. This may allow an attacker to steal communication contents or inject unauthorized packets.
CVE-2020-24586 has been assigned to this vulnerability. A CVSS v3 base score of 3.5 has been assigned; the CVSS vector string is (AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N).
The affected product is vulnerable to a mixed key attack as it reassembles fragments encrypted under different keys. This may allow an attacker to steal communication contents.
CVE-2020-24587 has been assigned to this vulnerability. A CVSS v3 base score of 2.6 has been assigned; the CVSS vector string is (AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).
The affected product is vulnerable to an aggregation attack as it accepts non-SPP A-MSDU frames. This may allow an attacker to inject unauthorized packets.
CVE-2020-24588 has been assigned to this vulnerability. A CVSS v3 base score of 3.5 has been assigned; the CVSS vector string is (AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).
The affected product can accept plaintext data frames in a protected network. This may allow an attacker to inject unauthorized packets.
CVE-2020-26140 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been assigned; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).
The affected product is vulnerable to accepting fragmented plaintext data frames in a protected network. This may allow an attacker to inject unauthorized packets.
CVE-2020-26143 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been assigned; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).
The affected product can accept plaintext A-MSDU frames that start with an RFC1042 header with EtherType EAPOL in an encrypted network. This may allow an attacker to inject unauthorized packets.
CVE-2020-26144 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been assigned; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).
The affected product can reassemble encrypted fragments with non-consecutive packet numbers. This may allow an attacker to steal communication contents.
CVE-2020-26146 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been assigned; the CVSS vector string is (AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).
Mitsubishi Electric reported these vulnerabilities to CISA.
Mitsubishi Electric has provided the following mitigations or workarounds.
-------- Begin Update A Part 2 of 2 ---------
For users who use the affected products and versions, please update to the fixed versions by following the steps:
Check the versions in use by referencing GOT2000 Series User’s Manual (Utility) (SH-081195ENG), 6.9 Package Data Management – “Property operation.”
The latest version of the manual is available from Mitsubishi Electric FA Global Website.
Fixed versions
Install system applications (extended function) “Wireless LAN” v01.45.000 or later.
Users are encouraged to follow the following update procedure:
-------- End Update A Part 2 of 2 ---------
When using the wireless LAN communication unit as an access point, check if the wireless LAN communication unit settings are as follows.
When using the wireless LAN communication unit as a station, check if the router settings are as follows:
Check the following when using a computer or tablet, etc., on the same network.
CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on cisa.gov/ics in the Technical Information Paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.
No known public exploits specifically target these vulnerabilities.
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24586
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24587
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24588
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26140
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26143
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26144
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26146
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26146
cisa.gov/ics
cisa.gov/ics
cwe.mitre.org/data/definitions/20.html
cwe.mitre.org/data/definitions/20.html
cwe.mitre.org/data/definitions/20.html
cwe.mitre.org/data/definitions/212.html
cwe.mitre.org/data/definitions/306.html
cwe.mitre.org/data/definitions/326.html
cwe.mitre.org/data/definitions/74.html
public.govdelivery.com/accounts/USDHSCISA/subscriber/new?topic_id=USDHSCISA_138
twitter.com/CISAgov
twitter.com/intent/tweet?text=Mitsubishi%20Electric%20GT25-WLAN%20%28Update%20A%29+https://www.cisa.gov/news-events/ics-advisories/icsa-22-102-04
www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01
www.cisa.gov/uscert/ics/recommended-practices
www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B
www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf
www.dhs.gov
www.dhs.gov/foia
www.dhs.gov/performance-financial-reports
www.facebook.com/CISA
www.facebook.com/sharer/sharer.php?u=https://www.cisa.gov/news-events/ics-advisories/icsa-22-102-04&title=Mitsubishi%20Electric%20GT25-WLAN%20%28Update%20A%29
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
www.instagram.com/cisagov
www.linkedin.com/company/cybersecurity-and-infrastructure-security-agency
www.linkedin.com/sharing/share-offsite/?url=https://www.cisa.gov/news-events/ics-advisories/icsa-22-102-04
www.mitsubishielectric.com/fa
www.mitsubishielectric.com/fa/products/hmi/got/smerit/gt_works3/manual/index.html
www.mitsubishielectric.com/fa/products/hmi/got/smerit/gt_works3/manual/index.html
www.mitsubishielectric.com/fa/support/index.html
www.oig.dhs.gov/
www.surveymonkey.com/r/CISA-cyber-survey?product=https://www.cisa.gov/news-events/ics-advisories/icsa-22-102-04
www.usa.gov/
www.whitehouse.gov/
www.youtube.com/@cisagov
mailto:?subject=Mitsubishi%20Electric%20GT25-WLAN%20%28Update%20A%29&body=www.cisa.gov/news-events/ics-advisories/icsa-22-102-04
3.3 Low
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:A/AC:L/Au:N/C:N/I:P/A:N
6.5 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.7 High
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
65.1%