Cleartext Storage of Sensitive Information in Mitsubishi Electric GX Works3 and MX OPC UA Module
CVE-2022-25164

8.6HIGH

Key Information:

Vendor

Mitsubishi Electric Corporation

Status
Gx Works3
Mx Opc Ua Module Configurator-r
Vendor
CVE Published:
25 November 2022

What is CVE-2022-25164?

Mitsubishi Electric's GX Works3 and MX OPC UA Module Configurator-R suffer from a vulnerability that enables remote, unauthenticated attackers to access cleartext sensitive information. This opens pathways for unauthorized disclosure of critical data, potentially affecting the integrity and confidentiality of the MELSEC CPU module and the MELSEC OPC UA server module. Users of affected versions are advised to implement security measures to defend against unauthorized remote access.

Affected Version(s)

GX Works3 from 1.000A to 1.095Z

MX OPC UA Module Configurator-R 1.08J and prior

References

https://www.mitsubishielectric.com/en/psirt/vulnerability...
vendor-advisory
https://jvn.jp/vu/JVNVU97244961/index.html
government-resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-05
government-resource

CVSS V3.1

Score:
8.6
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.