Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-29826 (GCVE-0-2022-29826)
Vulnerability from cvelistv5 – Published: 2022-11-24 23:22 – Updated: 2025-04-25 17:51
VLAI
EPSS
Summary
Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.087R and Motion Control Setting(GX Works3 related software) versions from 1.000A to 1.042U allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users may view programs and project files or execute programs illegally.
Severity
6.8 (Medium)
CWE
- CWE-312 - Cleartext Storage of Sensitive Information
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.mitsubishielectric.com/en/psirt/vulne… | vendor-advisory |
| https://jvn.jp/vu/JVNVU97244961/index.html | government-resource |
| https://www.cisa.gov/uscert/ics/advisories/icsa-2… | government-resource |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Mitsubishi Electric Corporation | GX Works3 |
Affected:
from 1.000A to 1.087R
|
|
| Mitsubishi Electric Corporation | Motion Control Setting(GX Works3 related software) |
Affected:
from 1.000A to 1.042U
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:33:42.804Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf"
},
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU97244961/index.html"
},
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-05"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-29826",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-25T17:51:45.451933Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-25T17:51:52.195Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GX Works3",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "from 1.000A to 1.087R"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Motion Control Setting(GX Works3 related software)",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "from 1.000A to 1.042U"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.087R and Motion Control Setting(GX Works3 related software) versions from 1.000A to 1.042U allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users may view programs and project files or execute programs illegally."
}
],
"value": "Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.087R and Motion Control Setting(GX Works3 related software) versions from 1.000A to 1.042U allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users may view programs and project files or execute programs illegally."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312 Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-27T05:19:57.479Z",
"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"shortName": "Mitsubishi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf"
},
{
"tags": [
"government-resource"
],
"url": "https://jvn.jp/vu/JVNVU97244961/index.html"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-05"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"assignerShortName": "Mitsubishi",
"cveId": "CVE-2022-29826",
"datePublished": "2022-11-24T23:22:21.828Z",
"dateReserved": "2022-04-27T20:47:43.442Z",
"dateUpdated": "2025-04-25T17:51:52.195Z",
"requesterUserId": "520cc88b-a1c8-44f6-9154-21a4d74c769f",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2022-29826",
"date": "2026-05-29",
"epss": "0.00134",
"percentile": "0.32931"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mitsubishielectric:gx_works3:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.000a\", \"versionEndIncluding\": \"1.011m\", \"matchCriteriaId\": \"A868567B-2BAA-45AE-AEC9-3AFEF2361297\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mitsubishielectric:gx_works3:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.015r\", \"versionEndIncluding\": \"1.086q\", \"matchCriteriaId\": \"56BD062B-0D41-42E2-B9EF-B7FBB514CFF9\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.087R and Motion Control Setting(GX Works3 related software) versions from 1.000A to 1.042U allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users may view programs and project files or execute programs illegally.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de almacenamiento de texto sin cifrar de informaci\\u00f3n sensible en las versiones de Mitsubishi Electric GX Works3 de 1.000A a 1.087R y de Motion Control Setting (software relacionado con GX Works3) de 1.000A a 1.042U permite que un atacante remoto no autenticado revele informaci\\u00f3n confidencial. Como resultado, los usuarios no autenticados pueden ver programas y archivos de proyectos o ejecutar programas ilegalmente.\"}]",
"id": "CVE-2022-29826",
"lastModified": "2024-11-21T06:59:45.787",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N\", \"baseScore\": 6.8, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 4.0}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
"published": "2022-11-25T00:15:10.080",
"references": "[{\"url\": \"https://jvn.jp/vu/JVNVU97244961/index.html\", \"source\": \"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-05\", \"source\": \"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp\"}, {\"url\": \"https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf\", \"source\": \"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"https://jvn.jp/vu/JVNVU97244961/index.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-05\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}]",
"sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-312\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-312\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-29826\",\"sourceIdentifier\":\"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp\",\"published\":\"2022-11-25T00:15:10.080\",\"lastModified\":\"2024-11-21T06:59:45.787\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.087R and Motion Control Setting(GX Works3 related software) versions from 1.000A to 1.042U allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users may view programs and project files or execute programs illegally.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de almacenamiento de texto sin cifrar de informaci\u00f3n sensible en las versiones de Mitsubishi Electric GX Works3 de 1.000A a 1.087R y de Motion Control Setting (software relacionado con GX Works3) de 1.000A a 1.042U permite que un atacante remoto no autenticado revele informaci\u00f3n confidencial. Como resultado, los usuarios no autenticados pueden ver programas y archivos de proyectos o ejecutar programas ilegalmente.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":4.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-312\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-312\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mitsubishielectric:gx_works3:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.000a\",\"versionEndIncluding\":\"1.011m\",\"matchCriteriaId\":\"A868567B-2BAA-45AE-AEC9-3AFEF2361297\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mitsubishielectric:gx_works3:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.015r\",\"versionEndIncluding\":\"1.086q\",\"matchCriteriaId\":\"56BD062B-0D41-42E2-B9EF-B7FBB514CFF9\"}]}]}],\"references\":[{\"url\":\"https://jvn.jp/vu/JVNVU97244961/index.html\",\"source\":\"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-05\",\"source\":\"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp\"},{\"url\":\"https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf\",\"source\":\"Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://jvn.jp/vu/JVNVU97244961/index.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-05\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://jvn.jp/vu/JVNVU97244961/index.html\", \"tags\": [\"government-resource\", \"x_transferred\"]}, {\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-05\", \"tags\": [\"government-resource\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T06:33:42.804Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-29826\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-25T17:51:45.451933Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-25T17:51:40.541Z\"}}], \"cna\": {\"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 6.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"GX Works3\", \"versions\": [{\"status\": \"affected\", \"version\": \"from 1.000A to 1.087R\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Mitsubishi Electric Corporation\", \"product\": \"Motion Control Setting(GX Works3 related software)\", \"versions\": [{\"status\": \"affected\", \"version\": \"from 1.000A to 1.042U\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://jvn.jp/vu/JVNVU97244961/index.html\", \"tags\": [\"government-resource\"]}, {\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-05\", \"tags\": [\"government-resource\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.087R and Motion Control Setting(GX Works3 related software) versions from 1.000A to 1.042U allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users may view programs and project files or execute programs illegally.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.087R and Motion Control Setting(GX Works3 related software) versions from 1.000A to 1.042U allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users may view programs and project files or execute programs illegally.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-312\", \"description\": \"CWE-312 Cleartext Storage of Sensitive Information\"}]}], \"providerMetadata\": {\"orgId\": \"e0f77b61-78fd-4786-b3fb-1ee347a748ad\", \"shortName\": \"Mitsubishi\", \"dateUpdated\": \"2023-06-27T05:19:57.479Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2022-29826\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-25T17:51:52.195Z\", \"dateReserved\": \"2022-04-27T20:47:43.442Z\", \"assignerOrgId\": \"e0f77b61-78fd-4786-b3fb-1ee347a748ad\", \"datePublished\": \"2022-11-24T23:22:21.828Z\", \"requesterUserId\": \"520cc88b-a1c8-44f6-9154-21a4d74c769f\", \"assignerShortName\": \"Mitsubishi\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
FKIE_CVE-2022-29826
Vulnerability from fkie_nvd - Published: 2022-11-25 00:15 - Updated: 2024-11-21 06:59
Severity
6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.087R and Motion Control Setting(GX Works3 related software) versions from 1.000A to 1.042U allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users may view programs and project files or execute programs illegally.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mitsubishielectric | gx_works3 | * | |
| mitsubishielectric | gx_works3 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mitsubishielectric:gx_works3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A868567B-2BAA-45AE-AEC9-3AFEF2361297",
"versionEndIncluding": "1.011m",
"versionStartIncluding": "1.000a",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mitsubishielectric:gx_works3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "56BD062B-0D41-42E2-B9EF-B7FBB514CFF9",
"versionEndIncluding": "1.086q",
"versionStartIncluding": "1.015r",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.087R and Motion Control Setting(GX Works3 related software) versions from 1.000A to 1.042U allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users may view programs and project files or execute programs illegally."
},
{
"lang": "es",
"value": "Vulnerabilidad de almacenamiento de texto sin cifrar de informaci\u00f3n sensible en las versiones de Mitsubishi Electric GX Works3 de 1.000A a 1.087R y de Motion Control Setting (software relacionado con GX Works3) de 1.000A a 1.042U permite que un atacante remoto no autenticado revele informaci\u00f3n confidencial. Como resultado, los usuarios no autenticados pueden ver programas y archivos de proyectos o ejecutar programas ilegalmente."
}
],
"id": "CVE-2022-29826",
"lastModified": "2024-11-21T06:59:45.787",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 4.0,
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-11-25T00:15:10.080",
"references": [
{
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://jvn.jp/vu/JVNVU97244961/index.html"
},
{
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-05"
},
{
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://jvn.jp/vu/JVNVU97244961/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-05"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf"
}
],
"sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-312"
}
],
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-312"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-F7HX-HG43-F938
Vulnerability from github – Published: 2022-11-25 00:30 – Updated: 2022-11-28 21:30
VLAI
Details
Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 versions 1.086Q and prior allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthorized users may view or execute programs illegally.
Severity
7.5 (High)
{
"affected": [],
"aliases": [
"CVE-2022-29826"
],
"database_specific": {
"cwe_ids": [
"CWE-312"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-25T00:15:00Z",
"severity": "HIGH"
},
"details": "Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 versions 1.086Q and prior allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthorized users may view or execute programs illegally.",
"id": "GHSA-f7hx-hg43-f938",
"modified": "2022-11-28T21:30:22Z",
"published": "2022-11-25T00:30:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29826"
},
{
"type": "WEB",
"url": "https://jvn.jp/vu/JVNVU97244961/index.html"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-05"
},
{
"type": "WEB",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GSD-2022-29826
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.087R and Motion Control Setting(GX Works3 related software) versions from 1.000A to 1.042U allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users may view programs and project files or execute programs illegally.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-29826",
"id": "GSD-2022-29826"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-29826"
],
"details": "Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.087R and Motion Control Setting(GX Works3 related software) versions from 1.000A to 1.042U allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users may view programs and project files or execute programs illegally.",
"id": "GSD-2022-29826",
"modified": "2023-12-13T01:19:42.545022Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"ID": "CVE-2022-29826",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GX Works3",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "from 1.000A to 1.087R"
}
]
}
},
{
"product_name": "Motion Control Setting(GX Works3 related software)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "from 1.000A to 1.042U"
}
]
}
}
]
},
"vendor_name": "Mitsubishi Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.087R and Motion Control Setting(GX Works3 related software) versions from 1.000A to 1.042U allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users may view programs and project files or execute programs illegally."
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-312",
"lang": "eng",
"value": "CWE-312 Cleartext Storage of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf",
"refsource": "MISC",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf"
},
{
"name": "https://jvn.jp/vu/JVNVU97244961/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/vu/JVNVU97244961/index.html"
},
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-05",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-05"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mitsubishielectric:gx_works3:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.086q",
"versionStartIncluding": "1.015r",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mitsubishielectric:gx_works3:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.011m",
"versionStartIncluding": "1.000a",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"ID": "CVE-2022-29826"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.087R and Motion Control Setting(GX Works3 related software) versions from 1.000A to 1.042U allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users may view programs and project files or execute programs illegally."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-312"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/vu/JVNVU97244961/index.html",
"refsource": "MISC",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://jvn.jp/vu/JVNVU97244961/index.html"
},
{
"name": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf",
"refsource": "MISC",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf"
},
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-05",
"refsource": "MISC",
"tags": [],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-05"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2023-05-31T09:15Z",
"publishedDate": "2022-11-25T00:15Z"
}
}
}
ICSA-22-333-05
Vulnerability from csaf_cisa - Published: 2022-12-05 07:00 - Updated: 2025-11-25 07:00Summary
Mitsubishi Electric FA Engineering Software (Update C)
Notes
Legal Notice and Terms of Use: This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).
Risk evaluation: Successful exploitation of these vulnerabilities could allow unauthorized users to gain access to the MELSEC iQ-R/F/L series CPU modules and the MELSEC iQ-R series OPC UA server module or to view and execute programs or view project files without permissions.
Critical infrastructure sectors: Critical Manufacturing
Countries/areas deployed: Worldwide
Company headquarters location: Japan
Recommended Practices: CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities, such as:
Recommended Practices: Minimizing network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.
Recommended Practices: Locating control system networks and remote devices behind firewalls and isolating them from business networks.
Recommended Practices: When remote access is required, using more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.
Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices: CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices: Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
Recommended Practices: No known public exploits specifically target these vulnerabilities.
8.6 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mitsubishi Electric GX Works3: >=1.000A|<1.011M
Mitsubishi Electric / GX Works3
|
>=1.000A|<1.011M |
Mitigation
Vendor Fix
Mitigation
fix
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric GX Works3: >=1.015R|<1.087R
Mitsubishi Electric / GX Works3
|
>=1.015R|<1.087R |
Mitigation
Vendor Fix
Mitigation
fix
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric GX Works3: 1.090U
Mitsubishi Electric / GX Works3
|
1.090U |
Mitigation
Vendor Fix
Mitigation
fix
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric GX Works3: 1.095Z
Mitsubishi Electric / GX Works3
|
1.095Z |
Mitigation
Vendor Fix
Mitigation
fix
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric MX OPC UA Module Configurator-R: <=1.08J
Mitsubishi Electric / MX OPC UA Module Configurator-R
|
<=1.08J |
Mitigation
Mitigation
fix
Vendor Fix
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Vendor Fix
Mitigation
fix
|
6.8 (Medium)
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mitsubishi Electric GX Works3: >=1.000A|<1.011M
Mitsubishi Electric / GX Works3
|
>=1.000A|<1.011M |
Mitigation
Vendor Fix
Mitigation
fix
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric GX Works3: >=1.015R|<1.087R
Mitsubishi Electric / GX Works3
|
>=1.015R|<1.087R |
Mitigation
Vendor Fix
Mitigation
fix
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric Motion Control Settings (GX Works3 related software): >=1.000A|<1.033K
Mitsubishi Electric / Motion Control Settings (GX Works3 related software)
|
>=1.000A|<1.033K |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric Motion Control Settings (GX Works3 related software): >=1.035M|<1.042U
Mitsubishi Electric / Motion Control Settings (GX Works3 related software)
|
>=1.035M|<1.042U |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
5.6 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mitsubishi Electric GX Works3: >=1.000A|<1.011M
Mitsubishi Electric / GX Works3
|
>=1.000A|<1.011M |
Mitigation
Vendor Fix
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric GX Works3: >=1.015R|<1.087R
Mitsubishi Electric / GX Works3
|
>=1.015R|<1.087R |
Mitigation
Vendor Fix
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric GX Works3: 1.090U
Mitsubishi Electric / GX Works3
|
1.090U |
Mitigation
Vendor Fix
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric GT Designer3 Version1 (GOT2000): >=1.122C|<1.290C
Mitsubishi Electric / GT Designer3 Version1 (GOT2000)
|
>=1.122C|<1.290C |
Mitigation
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric MT Works2: >=1.100E|<1.200J
Mitsubishi Electric / MT Works2
|
>=1.100E|<1.200J |
Mitigation
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
Vendor Fix
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
7.5 (High)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mitsubishi Electric GX Works3: >=1.015R|<1.087R
Mitsubishi Electric / GX Works3
|
>=1.015R|<1.087R |
Mitigation
Vendor Fix
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric GX Works3: 1.090U
Mitsubishi Electric / GX Works3
|
1.090U |
Mitigation
Vendor Fix
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric GX Works3: 1.095Z
Mitsubishi Electric / GX Works3
|
1.095Z |
Mitigation
Vendor Fix
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
6.8 (Medium)
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mitsubishi Electric GX Works3: >=1.015R|<1.087R
Mitsubishi Electric / GX Works3
|
>=1.015R|<1.087R |
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric GX Works3: 1.090U
Mitsubishi Electric / GX Works3
|
1.090U |
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric GX Works3: 1.095Z
Mitsubishi Electric / GX Works3
|
1.095Z |
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric GX Works3: >=1.096A
Mitsubishi Electric / GX Works3
|
>=1.096A |
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
6.8 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mitsubishi Electric GX Works3: >=1.000A|<1.011M
Mitsubishi Electric / GX Works3
|
>=1.000A|<1.011M |
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric GX Works3: >=1.015R|<1.087R
Mitsubishi Electric / GX Works3
|
>=1.015R|<1.087R |
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric GX Works3: 1.090U
Mitsubishi Electric / GX Works3
|
1.090U |
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric GX Works3: 1.095Z
Mitsubishi Electric / GX Works3
|
1.095Z |
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric GX Works3: >=1.096A
Mitsubishi Electric / GX Works3
|
>=1.096A |
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
6.8 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mitsubishi Electric GX Works3: >=1.000A|<1.011M
Mitsubishi Electric / GX Works3
|
>=1.000A|<1.011M |
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric GX Works3: >=1.015R|<1.087R
Mitsubishi Electric / GX Works3
|
>=1.015R|<1.087R |
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric GX Works3: 1.090U
Mitsubishi Electric / GX Works3
|
1.090U |
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric GX Works3: 1.095Z
Mitsubishi Electric / GX Works3
|
1.095Z |
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric GX Works3: >=1.096A
Mitsubishi Electric / GX Works3
|
>=1.096A |
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
6.8 (Medium)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mitsubishi Electric GX Works3: >=1.000A|<1.011M
Mitsubishi Electric / GX Works3
|
>=1.000A|<1.011M |
Mitigation
Vendor Fix
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
Vendor Fix
fix
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric GX Works3: >=1.015R|<1.087R
Mitsubishi Electric / GX Works3
|
>=1.015R|<1.087R |
Mitigation
Vendor Fix
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
Vendor Fix
fix
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric GX Works3: 1.090U
Mitsubishi Electric / GX Works3
|
1.090U |
Mitigation
Vendor Fix
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
Vendor Fix
fix
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric GT Designer3 Version1 (GOT2000): >=1.122C|<1.290C
Mitsubishi Electric / GT Designer3 Version1 (GOT2000)
|
>=1.122C|<1.290C |
Mitigation
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric Motion Control Settings (GX Works3 related software): >=1.035M|<1.042U
Mitsubishi Electric / Motion Control Settings (GX Works3 related software)
|
>=1.035M|<1.042U |
Mitigation
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric MT Works2: >=1.100E|<1.200J
Mitsubishi Electric / MT Works2
|
>=1.100E|<1.200J |
Mitigation
Mitigation
fix
Mitigation
Mitigation
fix
Mitigation
Vendor Fix
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
9.1 (Critical)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mitsubishi Electric GX Works3: >=1.000A|<1.011M
Mitsubishi Electric / GX Works3
|
>=1.000A|<1.011M |
Mitigation
Vendor Fix
Mitigation
fix
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric GX Works3: >=1.015R|<1.087R
Mitsubishi Electric / GX Works3
|
>=1.015R|<1.087R |
Mitigation
Vendor Fix
Mitigation
fix
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric GX Works3: 1.090U
Mitsubishi Electric / GX Works3
|
1.090U |
Mitigation
Vendor Fix
Mitigation
fix
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric GX Works3: 1.095Z
Mitsubishi Electric / GX Works3
|
1.095Z |
Mitigation
Vendor Fix
Mitigation
fix
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric Motion Control Settings (GX Works3 related software): >=1.000A|<1.033K
Mitsubishi Electric / Motion Control Settings (GX Works3 related software)
|
>=1.000A|<1.033K |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric Motion Control Settings (GX Works3 related software): >=1.035M|<1.042U
Mitsubishi Electric / Motion Control Settings (GX Works3 related software)
|
>=1.035M|<1.042U |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric Motion Control Settings (GX Works3 related software): >=1.045X|<1.065T
Mitsubishi Electric / Motion Control Settings (GX Works3 related software)
|
>=1.045X|<1.065T |
Mitigation
Mitigation
fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
CWE-316
- Cleartext Storage of Sensitive Information in Memory
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mitsubishi Electric GX Works3: >=1.015R|<1.087R
Mitsubishi Electric / GX Works3
|
>=1.015R|<1.087R |
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric GX Works3: 1.090U
Mitsubishi Electric / GX Works3
|
1.090U |
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric GX Works3: 1.095Z
Mitsubishi Electric / GX Works3
|
1.095Z |
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric GX Works3: >=1.096A
Mitsubishi Electric / GX Works3
|
>=1.096A |
Mitigation
Vendor Fix
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric GX Works2: vers:all/*
Mitsubishi Electric / GX Works2
|
vers:all/* |
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
|
|
Mitsubishi Electric GX Developer: >=8.40S
Mitsubishi Electric / GX Developer
|
>=8.40S |
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
Mitigation
fix
|
References
28 references
Acknowledgments
Positive Technologies
Anton Dorfman
Vladimir Nazarov
Dmitry Sklyarov
Iliya Rogachev
Nozomi Networks
Ivan Speziale
{
"document": {
"acknowledgments": [
{
"names": [
"Anton Dorfman",
"Vladimir Nazarov",
"Dmitry Sklyarov",
"Iliya Rogachev"
],
"organization": "Positive Technologies",
"summary": "reporting CVE-2022-25164, CVE-2022-29825, CVE-2022-29826, CVE-2022-29827, CVE-2022-29828, CVE-2022-29829, and CVE-2022-29830 to Mitsubishi Electric"
},
{
"names": [
"Ivan Speziale"
],
"organization": "Nozomi Networks",
"summary": "reporting CVE-2022-29831, CVE-2022-29832, and CVE-2022-29833 to CISA"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://www.cisa.gov/news-events/news/traffic-light-protocol-tlp-definitions-and-usage"
}
},
"lang": "en-US",
"notes": [
{
"category": "legal_disclaimer",
"text": "This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy \u0026 Use policy (https://www.cisa.gov/privacy-policy).",
"title": "Legal Notice and Terms of Use"
},
{
"category": "summary",
"text": "Successful exploitation of these vulnerabilities could allow unauthorized users to gain access to the MELSEC iQ-R/F/L series CPU modules and the MELSEC iQ-R series OPC UA server module or to view and execute programs or view project files without permissions. ",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Critical Manufacturing",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Japan",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities, such as:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimizing network exposure for all control system devices and/or systems, ensuring they are not accessible from the Internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locating control system networks and remote devices behind firewalls and isolating them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, using more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "No known public exploits specifically target these vulnerabilities.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-22-333-05 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2022/icsa-22-333-05.json"
},
{
"category": "self",
"summary": "ICSA Advisory ICSA-22-333-05 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-333-05"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/ics-alerts/ics-alert-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/news/targeted-cyber-intrusion-detection-and-mitigation-strategies-update-b"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/secure-our-world/teach-employees-avoid-phishing"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/news/avoiding-social-engineering-and-phishing-attacks"
}
],
"title": "Mitsubishi Electric FA Engineering Software (Update C)",
"tracking": {
"current_release_date": "2025-11-25T07:00:00.000000Z",
"generator": {
"date": "2025-11-25T16:35:41.586989Z",
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-22-333-05",
"initial_release_date": "2022-12-05T07:00:00.000000Z",
"revision_history": [
{
"date": "2022-12-05T07:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "Initial Publication"
},
{
"date": "2023-06-01T06:00:00.000000Z",
"legacy_version": "Update A",
"number": "2",
"summary": "Update A - Changes to affected products, description of vulnerabilities, and mitigations"
},
{
"date": "2023-06-29T06:00:00.000000Z",
"legacy_version": "Update B",
"number": "3",
"summary": "Update B - Changes to affected products and mitigations"
},
{
"date": "2025-11-25T07:00:00.000000Z",
"legacy_version": "Update C",
"number": "4",
"summary": "Update C - Added MT Works2 to Affected Products and Mitigations"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=1.000A|\u003c1.011M",
"product": {
"name": "Mitsubishi Electric GX Works3: \u003e=1.000A|\u003c1.011M",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "GX Works3"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=1.015R|\u003c1.087R",
"product": {
"name": "Mitsubishi Electric GX Works3: \u003e=1.015R|\u003c1.087R",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "GX Works3"
},
{
"branches": [
{
"category": "product_version",
"name": "1.090U",
"product": {
"name": "Mitsubishi Electric GX Works3: 1.090U",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "GX Works3"
},
{
"branches": [
{
"category": "product_version",
"name": "1.095Z",
"product": {
"name": "Mitsubishi Electric GX Works3: 1.095Z",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "GX Works3"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=1.096A",
"product": {
"name": "Mitsubishi Electric GX Works3: \u003e=1.096A",
"product_id": "CSAFPID-0005"
}
}
],
"category": "product_name",
"name": "GX Works3"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=1.08J",
"product": {
"name": "Mitsubishi Electric MX OPC UA Module Configurator-R: \u003c=1.08J",
"product_id": "CSAFPID-0006"
}
}
],
"category": "product_name",
"name": "MX OPC UA Module Configurator-R"
},
{
"branches": [
{
"category": "product_version",
"name": "vers:all/*",
"product": {
"name": "Mitsubishi Electric GX Works2: vers:all/*",
"product_id": "CSAFPID-0007"
}
}
],
"category": "product_name",
"name": "GX Works2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=8.40S",
"product": {
"name": "Mitsubishi Electric GX Developer: \u003e=8.40S",
"product_id": "CSAFPID-0008"
}
}
],
"category": "product_name",
"name": "GX Developer"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=1.122C|\u003c1.290C",
"product": {
"name": "Mitsubishi Electric GT Designer3 Version1 (GOT2000): \u003e=1.122C|\u003c1.290C",
"product_id": "CSAFPID-0009"
}
}
],
"category": "product_name",
"name": "GT Designer3 Version1 (GOT2000)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=1.000A|\u003c1.033K",
"product": {
"name": "Mitsubishi Electric Motion Control Settings (GX Works3 related software): \u003e=1.000A|\u003c1.033K",
"product_id": "CSAFPID-0010"
}
}
],
"category": "product_name",
"name": "Motion Control Settings (GX Works3 related software)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=1.035M|\u003c1.042U",
"product": {
"name": "Mitsubishi Electric Motion Control Settings (GX Works3 related software): \u003e=1.035M|\u003c1.042U",
"product_id": "CSAFPID-0011"
}
}
],
"category": "product_name",
"name": "Motion Control Settings (GX Works3 related software)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=1.045X|\u003c1.065T",
"product": {
"name": "Mitsubishi Electric Motion Control Settings (GX Works3 related software): \u003e=1.045X|\u003c1.065T",
"product_id": "CSAFPID-0012"
}
}
],
"category": "product_name",
"name": "Motion Control Settings (GX Works3 related software)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e=1.100E|\u003c1.200J",
"product": {
"name": "Mitsubishi Electric MT Works2: \u003e=1.100E|\u003c1.200J",
"product_id": "CSAFPID-0013"
}
}
],
"category": "product_name",
"name": "MT Works2"
}
],
"category": "vendor",
"name": "Mitsubishi Electric"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-25164",
"cwe": {
"id": "CWE-312",
"name": "Cleartext Storage of Sensitive Information"
},
"notes": [
{
"category": "summary",
"text": "Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.095Z and Mitsubishi Electric MX OPC UA Module Configurator-R versions 1.08J and prior allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated attackers can gain unauthorized access to the MELSEC CPU module and the MELSEC OPC UA server module.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0006"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25164"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Mitsubishi Electric released and recommends users update to the latest version:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0006"
]
},
{
"category": "vendor_fix",
"details": "GX Works3:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "CVE-2022-25164, CVE-2022-29830, and CVE-2022-29831: Download fixed Ver. 1.096A or later. Then set security version for project to \"2\".",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0006"
],
"url": "https://www.mitsubishielectric.com/fa/#software"
},
{
"category": "vendor_fix",
"details": "MX OPC UA Module Configurator-R:",
"product_ids": [
"CSAFPID-0006"
]
},
{
"category": "mitigation",
"details": "CVE-2022-25164: Download fixed Ver. 1.09K or later. Update the firmware version of the OPC UA server module to 10 or later.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0006"
],
"url": "https://www.mitsubishielectric.com/fa/#software"
},
{
"category": "mitigation",
"details": "GT Designer3 Version1 (GOT2000):",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0006"
]
},
{
"category": "mitigation",
"details": "Motion Control Setting:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0006"
]
},
{
"category": "mitigation",
"details": "For all other listed vulnerabilities, Mitsubishi Electric released mitigations/workarounds for users to follow:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0006"
]
},
{
"category": "mitigation",
"details": "Ensure malicious actors cannot access project files, configuration files, security keys stored on the host machine via untrusted networks or hosts.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0006"
]
},
{
"category": "mitigation",
"details": "Install antivirus software on the host machine running the software.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0006"
]
},
{
"category": "mitigation",
"details": "Encrypt project files and security keys when sending or receiving over the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0006"
]
},
{
"category": "vendor_fix",
"details": "Use the \"authentication with a certificate\" function instead of \"username / password authentication\" for user authentication for access from OPC UA clients to MELSEC iQ-R series OPC UA server modules (MX OPC UA Module Configurator-R only).",
"product_ids": [
"CSAFPID-0006"
]
},
{
"category": "mitigation",
"details": "For specific update instructions and additional details, see the Mitsubishi Electric advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0006"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0006"
]
}
]
},
{
"cve": "CVE-2022-29826",
"cwe": {
"id": "CWE-312",
"name": "Cleartext Storage of Sensitive Information"
},
"notes": [
{
"category": "summary",
"text": "Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.087R and Motion Control Setting(GX Works3 related software) versions from 1.000A to 1.042U allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users may view programs and project files or execute programs illegally.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0010",
"CSAFPID-0011"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29826"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Mitsubishi Electric released and recommends users update to the latest version:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0010",
"CSAFPID-0011"
]
},
{
"category": "vendor_fix",
"details": "GX Works3:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "CVE-2022-29826: Download fixed Ver. 1.090U or later",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0010",
"CSAFPID-0011"
],
"url": "https://www.mitsubishielectric.com/fa/#software"
},
{
"category": "mitigation",
"details": "GT Designer3 Version1 (GOT2000):",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0010",
"CSAFPID-0011"
]
},
{
"category": "mitigation",
"details": "Motion Control Setting:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0010",
"CSAFPID-0011"
]
},
{
"category": "vendor_fix",
"details": "CVE-2022-29826 and CVE-2022-29829: Download fixed Ver. 1.045X or later. Apply CVE-2022-29826 or CVE-2022-29829 mitigations for GX Works3 as well.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.mitsubishielectric.com/fa/#software"
},
{
"category": "mitigation",
"details": "For all other listed vulnerabilities, Mitsubishi Electric released mitigations/workarounds for users to follow:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0010",
"CSAFPID-0011"
]
},
{
"category": "mitigation",
"details": "Ensure malicious actors cannot access project files, configuration files, security keys stored on the host machine via untrusted networks or hosts.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0010",
"CSAFPID-0011"
]
},
{
"category": "mitigation",
"details": "Install antivirus software on the host machine running the software.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0010",
"CSAFPID-0011"
]
},
{
"category": "mitigation",
"details": "Encrypt project files and security keys when sending or receiving over the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0010",
"CSAFPID-0011"
]
},
{
"category": "mitigation",
"details": "For specific update instructions and additional details, see the Mitsubishi Electric advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0010",
"CSAFPID-0011"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0010",
"CSAFPID-0011"
]
}
]
},
{
"cve": "CVE-2022-29825",
"cwe": {
"id": "CWE-259",
"name": "Use of Hard-coded Password"
},
"notes": [
{
"category": "summary",
"text": "Use of Hard-coded Password vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.090U, GT Designer3 Version1 (GOT2000) versions from 1.122C to 1.290C, and MT Works2 versions from 1.100E to 1.200J allows an unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users may view programs and project files or execute programs illegally.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0009",
"CSAFPID-0013"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29825"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Mitsubishi Electric released and recommends users update to the latest version:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0009",
"CSAFPID-0013"
]
},
{
"category": "vendor_fix",
"details": "GX Works3:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "mitigation",
"details": "CVE-2022-29825 and CVE-2022-29829: Download fixed Ver. 1.095Z or later. Then set security key\u0027s secure mode to Enabled.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0009",
"CSAFPID-0013"
],
"url": "https://www.mitsubishielectric.com/fa/#software"
},
{
"category": "mitigation",
"details": "GT Designer3 Version1 (GOT2000):",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0009",
"CSAFPID-0013"
]
},
{
"category": "mitigation",
"details": "CVE-2022-29825 and CVE-2022-29829: Download fixed Ver. 1.295H or later. Then set security key\u0027s secure mode to Enabled.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0009",
"CSAFPID-0013"
],
"url": "https://www.mitsubishielectric.com/fa/#software"
},
{
"category": "mitigation",
"details": "Motion Control Setting:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0009",
"CSAFPID-0013"
]
},
{
"category": "vendor_fix",
"details": "MT Works2:",
"product_ids": [
"CSAFPID-0013"
]
},
{
"category": "mitigation",
"details": "CVE-2022-29825 and CVE-2022-29829: Download fixed Ver. 1.205P or later and update the software. Then set security key\u0027s secure mode to Enabled.Please refer \"MT Developer2 Help\" \u2013 \"Security Function\" \u2013 \"Manage Security Key\" for details.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0009",
"CSAFPID-0013"
],
"url": "https://www.mitsubishielectric.com/fa/#software"
},
{
"category": "mitigation",
"details": "For all other listed vulnerabilities, Mitsubishi Electric released mitigations/workarounds for users to follow:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0009",
"CSAFPID-0013"
]
},
{
"category": "mitigation",
"details": "Ensure malicious actors cannot access project files, configuration files, security keys stored on the host machine via untrusted networks or hosts.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0009",
"CSAFPID-0013"
]
},
{
"category": "mitigation",
"details": "Install antivirus software on the host machine running the software.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0009",
"CSAFPID-0013"
]
},
{
"category": "mitigation",
"details": "Encrypt project files and security keys when sending or receiving over the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0009",
"CSAFPID-0013"
]
},
{
"category": "mitigation",
"details": "For specific update instructions and additional details, see the Mitsubishi Electric advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0009",
"CSAFPID-0013"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0009",
"CSAFPID-0013"
]
}
]
},
{
"cve": "CVE-2022-29831",
"cwe": {
"id": "CWE-259",
"name": "Use of Hard-coded Password"
},
"notes": [
{
"category": "summary",
"text": "Use of Hard-coded Password vulnerability in Mitsubishi Electric Corporation GX Works3 versions from 1.015R to 1.095Z allows a remote unauthenticated attacker to obtain information about the project file for MELSEC safety CPU modules.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29831"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Mitsubishi Electric released and recommends users update to the latest version:",
"product_ids": [
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "GX Works3:",
"product_ids": [
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "CVE-2022-25164, CVE-2022-29830, and CVE-2022-29831: Download fixed Ver. 1.096A or later. Then set security version for project to \"2\".",
"product_ids": [
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.mitsubishielectric.com/fa/#software"
},
{
"category": "mitigation",
"details": "GT Designer3 Version1 (GOT2000):",
"product_ids": [
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "Motion Control Setting:",
"product_ids": [
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "For all other listed vulnerabilities, Mitsubishi Electric released mitigations/workarounds for users to follow:",
"product_ids": [
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "Ensure malicious actors cannot access project files, configuration files, security keys stored on the host machine via untrusted networks or hosts.",
"product_ids": [
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "Install antivirus software on the host machine running the software.",
"product_ids": [
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "Encrypt project files and security keys when sending or receiving over the Internet.",
"product_ids": [
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "For specific update instructions and additional details, see the Mitsubishi Electric advisory.",
"product_ids": [
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
]
},
{
"cve": "CVE-2022-29833",
"cwe": {
"id": "CWE-522",
"name": "Insufficiently Protected Credentials"
},
"notes": [
{
"category": "summary",
"text": "Insufficiently Protected Credentials vulnerability in Mitsubishi Electric Corporation GX Works3 Versions 1.015R and later allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users could access to MELSEC safety CPU modules illegally.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29833"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Mitsubishi Electric released and recommends users update to the latest version:",
"product_ids": [
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "vendor_fix",
"details": "GX Works3:",
"product_ids": [
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "GT Designer3 Version1 (GOT2000):",
"product_ids": [
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Motion Control Setting:",
"product_ids": [
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "For all other listed vulnerabilities, Mitsubishi Electric released mitigations/workarounds for users to follow:",
"product_ids": [
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Ensure malicious actors cannot access project files, configuration files, security keys stored on the host machine via untrusted networks or hosts.",
"product_ids": [
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Install antivirus software on the host machine running the software.",
"product_ids": [
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Encrypt project files and security keys when sending or receiving over the Internet.",
"product_ids": [
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "For specific update instructions and additional details, see the Mitsubishi Electric advisory.",
"product_ids": [
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
]
},
{
"cve": "CVE-2022-29827",
"cwe": {
"id": "CWE-321",
"name": "Use of Hard-coded Cryptographic Key"
},
"notes": [
{
"category": "summary",
"text": "Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A and later allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated attackers may view programs and project files or execute programs illegally.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29827"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Mitsubishi Electric released and recommends users update to the latest version:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "vendor_fix",
"details": "GX Works3:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "GT Designer3 Version1 (GOT2000):",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Motion Control Setting:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "For all other listed vulnerabilities, Mitsubishi Electric released mitigations/workarounds for users to follow:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Ensure malicious actors cannot access project files, configuration files, security keys stored on the host machine via untrusted networks or hosts.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Install antivirus software on the host machine running the software.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Encrypt project files and security keys when sending or receiving over the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "For specific update instructions and additional details, see the Mitsubishi Electric advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
]
},
{
"cve": "CVE-2022-29828",
"cwe": {
"id": "CWE-321",
"name": "Use of Hard-coded Cryptographic Key"
},
"notes": [
{
"category": "summary",
"text": "Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A and later allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated attackers may view programs and project file or execute programs illegally.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29828"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Mitsubishi Electric released and recommends users update to the latest version:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "vendor_fix",
"details": "GX Works3:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "GT Designer3 Version1 (GOT2000):",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Motion Control Setting:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "For all other listed vulnerabilities, Mitsubishi Electric released mitigations/workarounds for users to follow:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Ensure malicious actors cannot access project files, configuration files, security keys stored on the host machine via untrusted networks or hosts.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Install antivirus software on the host machine running the software.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Encrypt project files and security keys when sending or receiving over the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "For specific update instructions and additional details, see the Mitsubishi Electric advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
]
},
{
"cve": "CVE-2022-29829",
"cwe": {
"id": "CWE-321",
"name": "Use of Hard-coded Cryptographic Key"
},
"notes": [
{
"category": "summary",
"text": "Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.090U, GT Designer3 Version1 (GOT2000) versions from 1.122C to 1.290C, Motion Control Setting(GX Works3 related software) versions from 1.035M to 1.042U, and MT Works2 versions from 1.100E to 1.200J allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users may view programs and project files or execute programs illegally.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0009",
"CSAFPID-0011",
"CSAFPID-0013"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29829"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Mitsubishi Electric released and recommends users update to the latest version:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0009",
"CSAFPID-0011",
"CSAFPID-0013"
]
},
{
"category": "vendor_fix",
"details": "GX Works3:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "mitigation",
"details": "CVE-2022-29825 and CVE-2022-29829: Download fixed Ver. 1.095Z or later. Then set security key\u0027s secure mode to Enabled.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0009",
"CSAFPID-0011",
"CSAFPID-0013"
],
"url": "https://www.mitsubishielectric.com/fa/#software"
},
{
"category": "mitigation",
"details": "GT Designer3 Version1 (GOT2000):",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0009",
"CSAFPID-0011",
"CSAFPID-0013"
]
},
{
"category": "mitigation",
"details": "CVE-2022-29825 and CVE-2022-29829: Download fixed Ver. 1.295H or later. Then set security key\u0027s secure mode to Enabled.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0009",
"CSAFPID-0011",
"CSAFPID-0013"
],
"url": "https://www.mitsubishielectric.com/fa/#software"
},
{
"category": "mitigation",
"details": "Motion Control Setting:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0009",
"CSAFPID-0011",
"CSAFPID-0013"
]
},
{
"category": "vendor_fix",
"details": "CVE-2022-29826 and CVE-2022-29829: Download fixed Ver. 1.045X or later. Apply CVE-2022-29826 or CVE-2022-29829 mitigations for GX Works3 as well.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
],
"url": "https://www.mitsubishielectric.com/fa/#software"
},
{
"category": "vendor_fix",
"details": "MT Works2:",
"product_ids": [
"CSAFPID-0013"
]
},
{
"category": "mitigation",
"details": "CVE-2022-29825 and CVE-2022-29829: Download fixed Ver. 1.205P or later and update the software. Then set security key\u0027s secure mode to Enabled.Please refer \"MT Developer2 Help\" \u2013 \"Security Function\" \u2013 \"Manage Security Key\" for details.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0009",
"CSAFPID-0011",
"CSAFPID-0013"
],
"url": "https://www.mitsubishielectric.com/fa/#software"
},
{
"category": "mitigation",
"details": "For all other listed vulnerabilities, Mitsubishi Electric released mitigations/workarounds for users to follow:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0009",
"CSAFPID-0011",
"CSAFPID-0013"
]
},
{
"category": "mitigation",
"details": "Ensure malicious actors cannot access project files, configuration files, security keys stored on the host machine via untrusted networks or hosts.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0009",
"CSAFPID-0011",
"CSAFPID-0013"
]
},
{
"category": "mitigation",
"details": "Install antivirus software on the host machine running the software.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0009",
"CSAFPID-0011",
"CSAFPID-0013"
]
},
{
"category": "mitigation",
"details": "Encrypt project files and security keys when sending or receiving over the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0009",
"CSAFPID-0011",
"CSAFPID-0013"
]
},
{
"category": "mitigation",
"details": "For specific update instructions and additional details, see the Mitsubishi Electric advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0009",
"CSAFPID-0011",
"CSAFPID-0013"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0009",
"CSAFPID-0011",
"CSAFPID-0013"
]
}
]
},
{
"cve": "CVE-2022-29830",
"cwe": {
"id": "CWE-321",
"name": "Use of Hard-coded Cryptographic Key"
},
"notes": [
{
"category": "summary",
"text": "Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.095Z, and Motion Control Setting(GX Works3 related software) versions from 1.000A to 1.065T allows a remote unauthenticated attacker to disclose or tamper with sensitive information. As a result, unauthenticated attackers may obtain information about project files illegally.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29830"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Mitsubishi Electric released and recommends users update to the latest version:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012"
]
},
{
"category": "vendor_fix",
"details": "GX Works3:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "CVE-2022-25164, CVE-2022-29830, and CVE-2022-29831: Download fixed Ver. 1.096A or later. Then set security version for project to \"2\".",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012"
],
"url": "https://www.mitsubishielectric.com/fa/#software"
},
{
"category": "mitigation",
"details": "GT Designer3 Version1 (GOT2000):",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012"
]
},
{
"category": "mitigation",
"details": "Motion Control Setting:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012"
]
},
{
"category": "vendor_fix",
"details": "CVE-2022-29830: Download fixed Ver. 1.070Y or later and update the software. Set security version for project to \"2\". Refer \"Motion Control Setting Function Help\" \u2013 \"12.5. Preventing Illegal Access to/Falsification of Data (Security Version)\" for details. Apply the countermeasure for CVE-2022-29830 listed in GX Works3.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://www.mitsubishielectric.com/fa/#software"
},
{
"category": "mitigation",
"details": "For all other listed vulnerabilities, Mitsubishi Electric released mitigations/workarounds for users to follow:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012"
]
},
{
"category": "mitigation",
"details": "Ensure malicious actors cannot access project files, configuration files, security keys stored on the host machine via untrusted networks or hosts.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012"
]
},
{
"category": "mitigation",
"details": "Install antivirus software on the host machine running the software.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012"
]
},
{
"category": "mitigation",
"details": "Encrypt project files and security keys when sending or receiving over the Internet.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012"
]
},
{
"category": "mitigation",
"details": "For specific update instructions and additional details, see the Mitsubishi Electric advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012"
]
}
]
},
{
"cve": "CVE-2022-29832",
"cwe": {
"id": "CWE-316",
"name": "Cleartext Storage of Sensitive Information in Memory"
},
"notes": [
{
"category": "summary",
"text": "Cleartext Storage of Sensitive Information in Memory vulnerability in Mitsubishi Electric Corporation GX Works3 Versions 1.015R and later, GX Works2 all versions and GX Developer Versions 8.40S and later allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users could obtain information about the project file for MELSEC safety CPU modules or project files for MELSEC Q/FX/L series with security settings.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29832"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Mitsubishi Electric released and recommends users update to the latest version:",
"product_ids": [
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "vendor_fix",
"details": "GX Works3:",
"product_ids": [
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "GT Designer3 Version1 (GOT2000):",
"product_ids": [
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "Motion Control Setting:",
"product_ids": [
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "For all other listed vulnerabilities, Mitsubishi Electric released mitigations/workarounds for users to follow:",
"product_ids": [
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "Ensure malicious actors cannot access project files, configuration files, security keys stored on the host machine via untrusted networks or hosts.",
"product_ids": [
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "Install antivirus software on the host machine running the software.",
"product_ids": [
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "Encrypt project files and security keys when sending or receiving over the Internet.",
"product_ids": [
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "For specific update instructions and additional details, see the Mitsubishi Electric advisory.",
"product_ids": [
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0008"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
]
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…