CVE-2022-29831

HIGH

Mitsubishi Electric Corporation GX Works3 <1.095Z - Info Disclosure

Title source: llm

Description

Use of Hard-coded Password vulnerability in Mitsubishi Electric Corporation GX Works3 versions from 1.015R to 1.095Z allows a remote unauthenticated attacker to obtain information about the project file for MELSEC safety CPU modules.

References (3)

[Mitigation, Vendor Advisory] https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf

[Third Party Advisory, VDB Entry] https://jvn.jp/vu/JVNVU97244961

[Third Party Advisory, US Government Resource] https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-05

Scores

CVSS v3 7.5

EPSS 0.0116

EPSS Percentile 78.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-259 CWE-798

Status published

Products (1)

mitsubishielectric/gx_works3 1.015r - 1.086q

Published Nov 25, 2022

Tracked Since Feb 18, 2026