What is CVE-2022-25164?

CVE-2022-25164 is a vulnerability that allows a remote unauthenticated attacker to disclose sensitive information in Mitsubishi Electric GX Works3 versions 1.000A to 1.095Z and Mitsubishi Electric MX OPC UA Module Configurator-R versions 1.08J and prior.

How severe is CVE-2022-25164?

CVE-2022-25164 has a severity rating of 7.5 (High).

How can an attacker exploit CVE-2022-25164?

An unauthenticated remote attacker can exploit CVE-2022-25164 to disclose sensitive information.

Are there any fixes or patches available for CVE-2022-25164?

It is recommended to refer to the official advisories and documentation provided by Mitsubishi Electric for information on available fixes or patches for CVE-2022-25164.

Vulnerability/
CVE-2022-25164

high

8.6

CWE

312

25/11/2022

29/6/2023

CVE-2022-25164

First published: Fri Nov 25 2022(Updated: )

Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.095Z and Mitsubishi Electric MX OPC UA Module Configurator-R versions 1.08J and prior allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated attackers can gain unauthorized access to the MELSEC CPU module and the MELSEC OPC UA server module.

Credit: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp

Affected Software	Affected Version	How to fix
Mitsubishielectric Gx Works3	>=1.000a<=1.011m
Mitsubishielectric Gx Works3	>=1.015r<=1.086q
Mitsubishielectric Gx Works3	>=1.087r
Mitsubishielectric Mx Opc Ua Module Configurator-r

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2022-25164?
CVE-2022-25164 is a vulnerability that allows a remote unauthenticated attacker to disclose sensitive information in Mitsubishi Electric GX Works3 versions 1.000A to 1.095Z and Mitsubishi Electric MX OPC UA Module Configurator-R versions 1.08J and prior.
How severe is CVE-2022-25164?
CVE-2022-25164 has a severity rating of 7.5 (High).
Which software versions are affected by CVE-2022-25164?
Mitsubishi Electric GX Works3 versions from 1.000A to 1.095Z and Mitsubishi Electric MX OPC UA Module Configurator-R versions 1.08J and prior are affected by CVE-2022-25164.
How can an attacker exploit CVE-2022-25164?
An unauthenticated remote attacker can exploit CVE-2022-25164 to disclose sensitive information.
Are there any fixes or patches available for CVE-2022-25164?
It is recommended to refer to the official advisories and documentation provided by Mitsubishi Electric for information on available fixes or patches for CVE-2022-25164.

collector/nvd-index
agent/weakness
agent/type
agent/severity
agent/references
agent/tags
agent/author
agent/event
agent/description
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
vendor/mitsubishielectric
canonical/mitsubishielectric gx works3
version/mitsubishielectric gx works3/1.000a
version/mitsubishielectric gx works3/1.011m
version/mitsubishielectric gx works3/1.015r
version/mitsubishielectric gx works3/1.086q
version/mitsubishielectric gx works3/1.087r
canonical/mitsubishielectric mx opc ua module configurator-r

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.