CVE-2022-25164

Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.095Z and Mitsubishi Electric MX OPC UA Module Configurator-R versions 1.08J and prior allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated attackers can gain unauthorized access to the MELSEC CPU module and the MELSEC OPC UA server module.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://jvn.jp/vu/JVNVU97244961/index.html	Third Party Advisory VDB Entry
https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-05
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf	Mitigation Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mitsubishielectric:gx_works3::::::::
	cpe:2.3:a:mitsubishielectric:gx_works3::::::::
	cpe:2.3:a:mitsubishielectric:gx_works3::::::::
	cpe:2.3:a:mitsubishielectric:mx_opc_ua_module_configurator-r:-:::::::*

History

29 Jun 2023, 08:15

Type	Values Removed	Values Added
Summary	Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 all versions and Mitsubishi Electric MX OPC UA Module Configurator-R all versions allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users can gain unauthorized access to the MELSEC CPU module and the MELSEC OPC UA server module.	Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.095Z and Mitsubishi Electric MX OPC UA Module Configurator-R versions 1.08J and prior allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated attackers can gain unauthorized access to the MELSEC CPU module and the MELSEC OPC UA server module.

31 May 2023, 09:15

Type	Values Removed	Values Added
Summary	Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 all versions and Mitsubishi Electric MX OPC UA Module Configurator-R all versions allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthorized users can gain unauthorized access to the CPU module and the OPC UA server module.	Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 all versions and Mitsubishi Electric MX OPC UA Module Configurator-R all versions allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users can gain unauthorized access to the MELSEC CPU module and the MELSEC OPC UA server module.
References		(MISC) https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-05 -

28 Nov 2022, 21:04

Type	Values Removed	Values Added
First Time		Mitsubishielectric Mitsubishielectric mx Opc Ua Module Configurator-r Mitsubishielectric gx Works3
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
References	~~(MISC) https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf -~~	(MISC) https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf - Mitigation, Vendor Advisory
References	~~(MISC) https://jvn.jp/vu/JVNVU97244961/index.html -~~	(MISC) https://jvn.jp/vu/JVNVU97244961/index.html - Third Party Advisory, VDB Entry
CWE		CWE-312
CPE		cpe:2.3:a:mitsubishielectric:mx_opc_ua_module_configurator-r:-:::::::* cpe:2.3:a:mitsubishielectric:gx_works3::::::::

25 Nov 2022, 00:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-11-25 00:15

Updated : 2023-12-10 14:48

NVD link : CVE-2022-25164

Mitre link : CVE-2022-25164

CVE.ORG link : CVE-2022-25164

JSON object : View

Products Affected

mitsubishielectric

gx_works3
mx_opc_ua_module_configurator-r

CWE

CWE-312

Cleartext Storage of Sensitive Information

7.5 /10