CVE-2022-29832

Summary

Cleartext Storage of Sensitive Information in Memory vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later, GX Works2 all versions and GX Developer versions 8.40S and later allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users could obtain information about the project file for MELSEC safety CPU modules or project file for MELSEC Q/FX/L series with security setting.

Affected Software

VendorProductVersion RangeStatus
Mitsubishi Electric CorporationGX Works31.015R and lateraffected
Mitsubishi Electric CorporationGX Works2all versionsaffected
Mitsubishi Electric CorporationGX Developer8.40S and lateraffected

Weaknesses

  • CWE-316: CWE-316 Cleartext Storage of Sensitive Information in Memory

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References