Cleartext Storage of Sensitive Information in Mitsubishi Electric GX Works3 and GX Works2
CVE-2022-29832

3.7 LOW

Key Information:

Vendor
CVE Published: 25 November 2022

Summary

A vulnerability exists in Mitsubishi Electric Corporation's GX Works3, GX Works2, and GX Developer that allows a remote unauthenticated attacker to access sensitive information. This vulnerability arises from the cleartext storage of project file data, potentially exposing sensitive configuration details of MELSEC safety CPU modules and the MELSEC Q/FX/L series. Unauthorized users could exploit this weakness to gain insight into critical project files, raising significant security concerns.

Affected Version(s)

GX Developer 8.40S and later

GX Works2 all versions

GX Works3 1.015R and later

CVSS V3.1

Score: 3.7
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
