Azil Networks
Multiple Denial of Service (DoS) Vulnerabilities in TCP/IP Protocol Stack of GOT and Tension Controller

Multiple Denial of Service (DoS) Vulnerabilities in TCP/IP Protocol Stack of GOT and Tension Controller

Overview

Multiple Denial of Service (DoS) vulnerabilities due to improper handling of exceptional conditions and improper input validation exist in TCP/IP protocol stack of GOT and Tension Controller. A remote attacker may cause a DoS condition of GOT and Tension Controller by sending specially crafted packets.

The details of these vulnerabilities are under investigation. We will complete our investigation and update this advisory in the near future.

Affected products

Affected products and versions are below.

(1) Human-Machine Interfaces-GOT

SeriesModelProduct NameVersion
GOT2000 seriesGT21 modelGT2107-WTBDAll versions
GT2107-WTSDAll versions
GT2104-RTBDAll versions
GT2104-PMBDAll versions
GT2103-PMBDAll versions
GOT SIMPLE seriesGS21 modelGS2110-WTBDAll versions
GS2107-WTBDAll versions
GS2110-WTBD-NAll versions
GS2107-WTBD-NAll versions

(2) Tension Controller

Product NameVersion
LE7-40GU-LAll versions

Description

Multiple DoS vulnerabilities due to improper handling of exception conditions and improper input validation exist in TCP/IP protocol stack of GOT and Tension Controller.

Impact

A remote attacker may cause a DoS condition of GOT and Tension Controller by sending specially crafted packets.

Countermeasures

Countermeasures are under consideration. Please implement mitigations/workarounds.

Mitigations/Workarounds

We recommend that customers take the following mitigation measures to minimize the risk of exploiting this vulnerability:

– Use a firewall or virtual private network (VPN), etc. to prevent unauthorized access when Internet access is required.

– Use within a LAN and block access from untrusted networks and hosts through firewalls.

– Use the IP filter function*1, 2 to restrict the accessible IP addresses.

*1:GT Designer3 (GOT2000) Screen Design Manual(SH-081220ENG). “5.4.3 Setting the IP filter”

*2:GOT support the IP filter function, Tension Controller does not support it.

Let us tailor a service package that meets your needs.

Tell us a little about your business, and we will get back to you with some ideas as soon as possible.