Hard-coded Cryptographic Key Flaw in Mitsubishi Electric GX Works3
CVE-2022-29828

6.8MEDIUM

Key Information:

Vendor
Mitsubishi Electric Corporation
Status
Gx Works3
Vendor
CVE Published:
25 November 2022

Summary

The vulnerability in Mitsubishi Electric's GX Works3, present in versions from 1.000A onward, involves the use of hard-coded cryptographic keys. This flaw enables remote unauthenticated attackers to gain unauthorized access to sensitive information. Attackers can potentially view confidential project files and programs or execute unauthorized programs, leading to severe security breaches.

Affected Version(s)

GX Works3 from 1.000A and later

References

https://www.mitsubishielectric.com/en/psirt/vulnerability...
vendor-advisory
https://jvn.jp/vu/JVNVU97244961/index.html
government-resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-05
government-resource

CVSS V3.1

Score:
6.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.