Clickjacking Vulnerability in Mitsubishi Electric GOT2000 Series and GT SoftGOT2000
CVE-2022-40268

6.1 MEDIUM

Summary

A clickjacking vulnerability exists in Mitsubishi Electric Corporation's GOT2000 Series GT27 and GT25 models and in GT SoftGOT2000. Because these products improperly restrict rendered UI layers or frames, a remote unauthenticated attacker can lead legitimate users to interact with a deceptive interface and perform unintended operations without their knowledge, compromising the integrity of operations carried out on these devices.

Affected Version(s)

GOT2000 Series GT25 model 01.14.000 to 01.47.000

GOT2000 Series GT27 model 01.14.000 to 01.47.000

GT SoftGOT2000 1.265B to 1.285X

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
