Vulnerability Details CVE-2022-29832
Cleartext Storage of Sensitive Information in Memory vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later, GX Works2 all versions and GX Developer versions 8.40S and later allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users could obtain information about the project file for MELSEC safety CPU modules or project file for MELSEC Q/FX/L series with security setting.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 44.6%
CVSS Severity
CVSS v3 Score 3.7
References
- https://jvn.jp/vu/JVNVU97244961
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-05
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf
- https://jvn.jp/vu/JVNVU97244961
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-05
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf
Products affected by CVE-2022-29832
-
cpe:2.3:a:mitsubishielectric:gx_works3:*
-
cpe:2.3:a:mitsubishielectric:gx_works3:1.060n
-
cpe:2.3:a:mitsubishielectric:gx_works3:1.063r
-
cpe:2.3:a:mitsubishielectric:gx_works3:1.065t
-
cpe:2.3:a:mitsubishielectric:gx_works3:1.070y