Multiple Denial of Service (DoS) Vulnerabilities in TCP/IP Protocol Stack of GOT and Tension Controller

• September 14, 2021
• aziladmin
• No Comments

Overview

Multiple Denial of Service (DoS) vulnerabilities due to improper handling of exceptional conditions and improper input validation exist in TCP/IP protocol stack of GOT and Tension Controller. A remote attacker may cause a DoS condition of GOT and Tension Controller by sending specially crafted packets.

The details of these vulnerabilities are under investigation. We will complete our investigation and update this advisory in the near future.

Affected products

Affected products and versions are below.

(1) Human-Machine Interfaces-GOT

(2) Tension Controller

Description

Multiple DoS vulnerabilities due to improper handling of exception conditions and improper input validation exist in TCP/IP protocol stack of GOT and Tension Controller.

Impact

A remote attacker may cause a DoS condition of GOT and Tension Controller by sending specially crafted packets.

Countermeasures

Countermeasures are under consideration. Please implement mitigations/workarounds.

Mitigations/Workarounds

We recommend that customers take the following mitigation measures to minimize the risk of exploiting this vulnerability:

– Use a firewall or virtual private network (VPN), etc. to prevent unauthorized access when Internet access is required.

– Use within a LAN and block access from untrusted networks and hosts through firewalls.

– Use the IP filter function*1, 2 to restrict the accessible IP addresses.

*1：GT Designer3 (GOT2000) Screen Design Manual(SH-081220ENG). “5.4.3 Setting the IP filter”

*2：GOT support the IP filter function, Tension Controller does not support it.