CVE-2022-29833

Published: Nov 25, 2022Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Insufficiently Protected Credentials vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users could access to MELSEC safety CPU modules illgally.

Affected (2)

Products: Mitsubishielectric: Gx Works3

Mitsubishielectric

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Mitsubishielectric Gx Works3	From 1.015r to 1.086q
Mitsubishielectric Gx Works3	From 1.087r

Related CWEs

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (6)

https://jvn.jp/vu/JVNVU97244961

Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp

Third Party AdvisoryVDB Entry

https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-05

Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf

Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp

MitigationVendor Advisory

https://jvn.jp/vu/JVNVU97244961

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-05

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationVendor Advisory

Timeline

No history available yet.