CVE-2022-29833

MEDIUM

Mitsubishielectric GX Works3 - Insufficiently Protected Credentials

Title source: rule

Description

Insufficiently Protected Credentials vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users could access to MELSEC safety CPU modules illgally.

References (3)

[Third Party Advisory, VDB Entry] https://jvn.jp/vu/JVNVU97244961

[Mitigation, Vendor Advisory] https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf

[Third Party Advisory, US Government Resource] https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-05

Scores

CVSS v3 6.8

EPSS 0.0060

EPSS Percentile 69.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

Classification

CWE

CWE-522

Status published

Affected Products (1)

mitsubishielectric/gx_works3 < 1.086q

Timeline

Published Nov 25, 2022

Tracked Since Feb 18, 2026