Cleartext Storage Vulnerability in Mitsubishi Electric GX Works3 Software
CVE-2022-29826

6.8MEDIUM

Key Information:

Vendor
Mitsubishi Electric Corporation
Status
Gx Works3
Motion Control Setting(gx Works3 Related Software)
Vendor
CVE Published:
25 November 2022

Summary

A vulnerability in Mitsubishi Electric's GX Works3 software allows remote unauthenticated attackers to access sensitive data. This flaw impacts versions from 1.000A to 1.087R of GX Works3 and versions from 1.000A to 1.042U of Motion Control Setting. Attackers can illegally execute programs and view project files, posing serious risks to data confidentiality and integrity.

Affected Version(s)

GX Works3 from 1.000A to 1.087R

Motion Control Setting(GX Works3 related software) from 1.000A to 1.042U

References

https://www.mitsubishielectric.com/en/psirt/vulnerability...
vendor-advisory
https://jvn.jp/vu/JVNVU97244961/index.html
government-resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-05
government-resource

CVSS V3.1

Score:
6.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.