Weak Password Encoding in Mitsubishi Electric GOT2000 and GOT SIMPLE Series
CVE-2023-0525

7.5 HIGH

Summary

A weak password encoding vulnerability in Mitsubishi Electric's GOT2000 and GOT SIMPLE Series allows remote unauthenticated attackers to recover plaintext passwords. By intercepting packets that contain encrypted passwords and decrypting them, attackers can obtain plaintext credentials during data transfers, especially when security functions are enabled. This highlights the critical need for robust password management and secure data transmission measures to protect sensitive information.

Affected Version(s)

GOT SIMPLE Series GS21 model 01.49.000 and prior

GOT SIMPLE Series GS25 model 01.49.000 and prior

GOT2000 Series GT21 model 01.49.000 and prior

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
