CVE-2022-29832
3.7
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
Cleartext Storage of Sensitive Information in Memory vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later, GX Works2 all versions and GX Developer versions 8.40S and later allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users could obtain information about the project file for MELSEC safety CPU modules or project file for MELSEC Q/FX/L series with security setting.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Mitsubishi Electric Corporation | GX Works3 | 1.015R and later | affected |
| Mitsubishi Electric Corporation | GX Works2 | all versions | affected |
| Mitsubishi Electric Corporation | GX Developer | 8.40S and later | affected |
Weaknesses
- CWE-316: CWE-316 Cleartext Storage of Sensitive Information in Memory
ADP Enrichment
CVE Program Container
Additional References
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf
- https://jvn.jp/vu/JVNVU97244961
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-05
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf
- https://jvn.jp/vu/JVNVU97244961
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-05
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.