Cleartext Storage of Sensitive Information in Mitsubishi Electric GX Works3 and MX OPC UA Module
CVE-2022-25164
8.6HIGH
Key Information:
- Vendor
- CVE Published:
- 25 November 2022
What is CVE-2022-25164?
Mitsubishi Electric's GX Works3 and MX OPC UA Module Configurator-R suffer from a vulnerability that enables remote, unauthenticated attackers to access cleartext sensitive information. This opens pathways for unauthorized disclosure of critical data, potentially affecting the integrity and confidentiality of the MELSEC CPU module and the MELSEC OPC UA server module. Users of affected versions are advised to implement security measures to defend against unauthorized remote access.
Affected Version(s)
GX Works3 from 1.000A to 1.095Z
MX OPC UA Module Configurator-R 1.08J and prior