CVE-2022-29826

Published: Nov 25, 2022Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.087R and Motion Control Setting(GX Works3 related software) versions from 1.000A to 1.042U allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users may view programs and project files or execute programs illegally.

Affected (2)

Products: Mitsubishielectric: Gx Works3

Mitsubishielectric

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Mitsubishielectric Gx Works3	From 1.000a to 1.011m
Mitsubishielectric Gx Works3	From 1.015r to 1.086q

Related CWEs

Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

References (6)

https://jvn.jp/vu/JVNVU97244961/index.html

Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp

Third Party AdvisoryVDB Entry

https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-05

Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf

Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp

MitigationVendor Advisory

https://jvn.jp/vu/JVNVU97244961/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-05

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationVendor Advisory

Timeline

No history available yet.