CVE-2022-29832

Cleartext Storage of Sensitive Information in Memory vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later, GX Works2 all versions and GX Developer versions 8.40S and later allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users could obtain information about the project file for MELSEC safety CPU modules or project file for MELSEC Q/FX/L series with security setting.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://jvn.jp/vu/JVNVU97244961	Third Party Advisory VDB Entry
https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-05
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf	Mitigation Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mitsubishielectric:gx_works3::::::::
	cpe:2.3:a:mitsubishielectric:gx_works3::::::::

History

31 May 2023, 07:15

Type	Values Removed	Values Added
Summary	Cleartext Storage of Sensitive Information in Memory vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later allows a remote unauthorized attacker to disclose sensitive information. As a result, unauthorized users could obtain information about the project file for MELSEC safety CPU modules.	Cleartext Storage of Sensitive Information in Memory vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later, GX Works2 all versions and GX Developer versions 8.40S and later allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users could obtain information about the project file for MELSEC safety CPU modules or project file for MELSEC Q/FX/L series with security setting.
References		(MISC) https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-05 -

28 Nov 2022, 20:57

Type	Values Removed	Values Added
First Time		Mitsubishielectric Mitsubishielectric gx Works3
CPE		cpe:2.3:a:mitsubishielectric:gx_works3::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.5
CWE		CWE-312
References	~~(MISC) https://jvn.jp/vu/JVNVU97244961 -~~	(MISC) https://jvn.jp/vu/JVNVU97244961 - Third Party Advisory, VDB Entry
References	~~(MISC) https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf -~~	(MISC) https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf - Mitigation, Vendor Advisory

25 Nov 2022, 00:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-11-25 00:15

Updated : 2023-12-10 14:48

NVD link : CVE-2022-29832

Mitre link : CVE-2022-29832

CVE.ORG link : CVE-2022-29832

JSON object : View

Products Affected

mitsubishielectric

gx_works3

CWE

CWE-312

Cleartext Storage of Sensitive Information

CWE-316

Cleartext Storage of Sensitive Information in Memory

6.5 /10