Description

Cleartext Storage of Sensitive Information in Memory vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later, GX Works2 all versions and GX Developer versions 8.40S and later allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users could obtain information about the project file for MELSEC safety CPU modules or project file for MELSEC Q/FX/L series with security setting.

Related CPE's

a

mitsubishielectric

gx_works3

2

References

https://jvn.jp/vu/JVNVU97244961

Third Party AdvisoryVDB Entry

https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-05

https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf

MitigationVendor Advisory

Weaknesses

[email protected]

Primary
CWE-312

[email protected]

Secondary
CWE-316

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.5 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2022-11-25T00:15:10.507

2 years ago

Last modified

2023-05-31T07:15:09.880

2 years ago