CVE-2022-29826 - Vulnerability Details - OpenCVE

Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.087R and Motion Control Setting(GX Works3 related software) versions from 1.000A to 1.042U allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users may view programs and project files or execute programs illegally.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mitsubishielectric	Gx Works3

Configuration 1 [-]

OR	cpe:2.3:a:mitsubishielectric:gx_works3::::::::
	cpe:2.3:a:mitsubishielectric:gx_works3::::::::

No data.

References

Link	Providers
https://jvn.jp/vu/JVNVU97244961/index.html
https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-05
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: Mitsubishi

Published: 2022-11-24T23:22:21.828Z

Updated: 2024-08-03T06:33:42.804Z

Reserved: 2022-04-27T20:47:43.442Z

Link: CVE-2022-29826

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-11-25T00:15:10.080

Modified: 2024-11-21T06:59:45.787

Link: CVE-2022-29826

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-29826", "assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad", "state": "PUBLISHED", "assignerShortName": "Mitsubishi", "requesterUserId": "520cc88b-a1c8-44f6-9154-21a4d74c769f", "dateReserved": "2022-04-27T20:47:43.442Z", "datePublished": "2022-11-24T23:22:21.828Z", "dateUpdated": "2024-08-03T06:33:42.804Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "GX Works3", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "from 1.000A to 1.087R"}]}, {"defaultStatus": "unaffected", "product": "Motion Control Setting(GX Works3 related software)", "vendor": "Mitsubishi Electric Corporation", "versions": [{"status": "affected", "version": "from 1.000A to 1.042U"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.087R and Motion Control Setting(GX Works3 related software) versions from 1.000A to 1.042U allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users may view programs and project files or execute programs illegally."}], "value": "Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.087R and Motion Control Setting(GX Works3 related software) versions from 1.000A to 1.042U allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users may view programs and project files or execute programs illegally."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-312", "description": "CWE-312 Cleartext Storage of Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad", "shortName": "Mitsubishi", "dateUpdated": "2023-06-27T05:19:57.479Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf"}, {"tags": ["government-resource"], "url": "https://jvn.jp/vu/JVNVU97244961/index.html"}, {"tags": ["government-resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-05"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T06:33:42.804Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf"}, {"tags": ["government-resource", "x_transferred"], "url": "https://jvn.jp/vu/JVNVU97244961/index.html"}, {"tags": ["government-resource", "x_transferred"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-05"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mitsubishielectric:gx_works3:*:*:*:*:*:*:*:*", "matchCriteriaId": "A868567B-2BAA-45AE-AEC9-3AFEF2361297", "versionEndIncluding": "1.011m", "versionStartIncluding": "1.000a", "vulnerable": true}, {"criteria": "cpe:2.3:a:mitsubishielectric:gx_works3:*:*:*:*:*:*:*:*", "matchCriteriaId": "56BD062B-0D41-42E2-B9EF-B7FBB514CFF9", "versionEndIncluding": "1.086q", "versionStartIncluding": "1.015r", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.087R and Motion Control Setting(GX Works3 related software) versions from 1.000A to 1.042U allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users may view programs and project files or execute programs illegally."}, {"lang": "es", "value": "Vulnerabilidad de almacenamiento de texto sin cifrar de informaci\u00f3n sensible en las versiones de Mitsubishi Electric GX Works3 de 1.000A a 1.087R y de Motion Control Setting (software relacionado con GX Works3) de 1.000A a 1.042U permite que un atacante remoto no autenticado revele informaci\u00f3n confidencial. Como resultado, los usuarios no autenticados pueden ver programas y archivos de proyectos o ejecutar programas ilegalmente."}], "id": "CVE-2022-29826", "lastModified": "2024-11-21T06:59:45.787", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 4.0, "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-11-25T00:15:10.080", "references": [{"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://jvn.jp/vu/JVNVU97244961/index.html"}, {"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-05"}, {"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://jvn.jp/vu/JVNVU97244961/index.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-05"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf"}], "sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-312"}], "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-312"}], "source": "nvd@nist.gov", "type": "Primary"}]}