This updated advisory is a follow-up to the advisory update titled ICSA-22-221-01 Mitsubishi Electric GT SoftGOT2000 that was published August 9, 2022, to the ICS webpage on cisa.gov/ics.
Successful exploitation of these vulnerabilities could create a denial-of-service condition or enable arbitrary code execution.
The following products and versions are affected:
- GOT2000 compatible HMI software (GT SoftGOT2000): Version 1.275M
- CC-Link IE TSN Industrial Managed Switch (NZ2MHG-TSNT8F2): Version 03 and prior [affected by CVE-2022-0778 only]
- MELSEC iQ-R Series OPC UA Server Module (RD81OPC96): Version 08 and prior [affected by CVE-2022-0778 only]
CISA also provides a section for control systems security recommended practices on the ICS webpage at cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
No known public exploits specifically target these vulnerabilities.