CVE-2022-25164

Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.095Z and Mitsubishi Electric MX OPC UA Module Configurator-R versions 1.08J and prior allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated attackers can gain unauthorized access to the MELSEC CPU module and the MELSEC OPC UA server module.

CVSS v3 8.6 HIGH

8.6^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://jvn.jp/vu/JVNVU97244961/index.html	Third Party Advisory VDB Entry
https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-05
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf	Mitigation Vendor Advisory
https://jvn.jp/vu/JVNVU97244961/index.html	Third Party Advisory VDB Entry
https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-05
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf	Mitigation Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mitsubishielectric:gx_works3::::::::
	cpe:2.3:a:mitsubishielectric:gx_works3::::::::
	cpe:2.3:a:mitsubishielectric:gx_works3::::::::
	cpe:2.3:a:mitsubishielectric:mx_opc_ua_module_configurator-r:-:::::::*

History

21 Nov 2024, 06:51

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~7.5~~	v2 : unknown v3 : 8.6
References	~~() https://jvn.jp/vu/JVNVU97244961/index.html - Third Party Advisory, VDB Entry~~	() https://jvn.jp/vu/JVNVU97244961/index.html - Third Party Advisory, VDB Entry
References	~~() https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-05 -~~	() https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-05 -
References	~~() https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf - Mitigation, Vendor Advisory~~	() https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf - Mitigation, Vendor Advisory

29 Jun 2023, 08:15

Type	Values Removed	Values Added
Summary	Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 all versions and Mitsubishi Electric MX OPC UA Module Configurator-R all versions allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users can gain unauthorized access to the MELSEC CPU module and the MELSEC OPC UA server module.	Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.095Z and Mitsubishi Electric MX OPC UA Module Configurator-R versions 1.08J and prior allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated attackers can gain unauthorized access to the MELSEC CPU module and the MELSEC OPC UA server module.

31 May 2023, 09:15

Type	Values Removed	Values Added
References		(MISC) https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-05 -
Summary	Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 all versions and Mitsubishi Electric MX OPC UA Module Configurator-R all versions allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthorized users can gain unauthorized access to the CPU module and the OPC UA server module.	Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 all versions and Mitsubishi Electric MX OPC UA Module Configurator-R all versions allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users can gain unauthorized access to the MELSEC CPU module and the MELSEC OPC UA server module.

Information

Published : 2022-11-25 00:15

Updated : 2024-11-21 06:51

NVD link : CVE-2022-25164

Mitre link : CVE-2022-25164

CVE.ORG link : CVE-2022-25164

JSON object : View

Products Affected

mitsubishielectric

mx_opc_ua_module_configurator-r
gx_works3

CWE

CWE-312

Cleartext Storage of Sensitive Information

8.6 /10