Insufficiently Protected Credentials in Mitsubishi Electric GX Works3
CVE-2022-29833

6.8MEDIUM

Key Information:

Vendor
Mitsubishi Electric Corporation
Status
Gx Works3
Vendor
CVE Published:
25 November 2022

Summary

A vulnerability has been identified in Mitsubishi Electric's GX Works3, which allows remote unauthenticated attackers to access MELSEC safety CPU modules and disclose sensitive information. The issue stems from insufficient protection of credentials in versions 1.015R and later of the software, enabling unauthorized users to exploit the system. This vulnerability poses significant risks to data integrity and system security, necessitating prompt attention from all users of the affected product.

Affected Version(s)

GX Works3 1.015R and later

References

https://www.mitsubishielectric.com/en/psirt/vulnerability...
vendor-advisory
https://jvn.jp/vu/JVNVU97244961
government-resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-05
government-resource

CVSS V3.1

Score:
6.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.