Hard-coded Password Vulnerability in Mitsubishi Electric GX Works3 Software
CVE-2022-29831

7.5HIGH

Key Information:

Vendor

Mitsubishi Electric Corporation

Status
Gx Works3
Vendor
CVE Published:
25 November 2022

What is CVE-2022-29831?

A hard-coded password vulnerability exists in Mitsubishi Electric Corporation's GX Works3 software, specifically affecting versions from 1.015R to 1.095Z. This flaw allows remote, unauthenticated attackers to access sensitive project file information related to MELSEC safety CPU modules. The vulnerability poses a significant risk as it enables potential information disclosure that can be exploited for further attacks or unauthorized access.

Affected Version(s)

GX Works3 from 1.015R to 1.095Z

References

https://www.mitsubishielectric.com/en/psirt/vulnerability...
vendor-advisory
https://jvn.jp/vu/JVNVU97244961
government-resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-05
government-resource

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2022-29831 : Hard-coded Password Vulnerability in Mitsubishi Electric GX Works3 Software