Description
Cleartext Storage of Sensitive Information in Memory vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later, GX Works2 all versions and GX Developer versions 8.40S and later allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users could obtain information about the project file for MELSEC safety CPU modules or project file for MELSEC Q/FX/L series with security setting.
Related CPE's
a
mitsubishielectric
gx_works3
References
https://jvn.jp/vu/JVNVU97244961
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 · Medium
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
Vulnerability status
Modified
Published
2022-11-25T00:15:10.507
2 years agoLast modified
2023-05-31T07:15:09.880
2 years ago