Hard-coded Password Vulnerability in Mitsubishi Electric Software
CVE-2022-29825

5.6MEDIUM

Key Information:

Vendor
Mitsubishi Electric Corporation
Status
Gx Works3
Gt Designer3 Version1 (got2000)
Vendor
CVE Published:
25 November 2022

Summary

A hard-coded password vulnerability in Mitsubishi Electric's GX Works3 and GT Designer3 software allows unauthenticated attackers to gain access to sensitive information. This issue grants unauthorized users the ability to view project files and programs, or even execute software illegally, thereby compromising system integrity and confidentiality.

Affected Version(s)

GT Designer3 Version1 (GOT2000) from 1.122C to 1.290C

GX Works3 from 1.000A to 1.090U

References

https://www.mitsubishielectric.com/en/psirt/vulnerability...
vendor-advisory
https://jvn.jp/vu/JVNVU97244961/index.html
government-resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-05
government-resource

CVSS V3.1

Score:
5.6
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.