CVE-2022-29832

Cleartext Storage of Sensitive Information in Memory vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later allows a remote unauthorized attacker to disclose sensitive information. As a result, unauthorized users could obtain information about the project file for MELSEC safety CPU modules.
References
Link Resource
https://jvn.jp/vu/JVNVU97244961 Third Party Advisory VDB Entry
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf Mitigation Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mitsubishielectric:gx_works3:*:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:gx_works3:*:*:*:*:*:*:*:*

History

28 Nov 2022, 20:57

Type Values Removed Values Added
CPE cpe:2.3:a:mitsubishielectric:gx_works3:*:*:*:*:*:*:*:*
CWE CWE-312
First Time Mitsubishielectric
Mitsubishielectric gx Works3
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.5
References (MISC) https://jvn.jp/vu/JVNVU97244961 - (MISC) https://jvn.jp/vu/JVNVU97244961 - Third Party Advisory, VDB Entry
References (MISC) https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf - (MISC) https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf - Mitigation, Vendor Advisory

25 Nov 2022, 00:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-11-25 00:15

Updated : 2022-11-28 20:57


NVD link : CVE-2022-29832

Mitre link : CVE-2022-29832


JSON object : View

Products Affected

mitsubishielectric

  • gx_works3
CWE
CWE-312

Cleartext Storage of Sensitive Information