First published: Fri Nov 25 2022(Updated: )
Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.095Z and Motion Control Setting(GX Works3 related software) versions from 1.000A and later allows a remote unauthenticated attacker to disclose or tamper with sensitive information. As a result, unauthenticated attackers may obtain information about project files illegally.
Credit: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
Affected Software | Affected Version | How to fix |
---|---|---|
Mitsubishielectric Gx Works3 | >=1.000a<=1.011m | |
Mitsubishielectric Gx Works3 | >=1.015r<=1.086q | |
Mitsubishielectric Gx Works3 | >=1.087r |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this Mitsubishi Electric GX Works3 vulnerability is CVE-2022-29830.
The severity of CVE-2022-29830 is critical, with a CVSS score of 9.1.
Mitsubishi Electric GX Works3 versions from 1.000A to 1.095Z and Motion Control Setting(GX Works3 related software) versions from 1.000A and later are affected by CVE-2022-29830.
CVE-2022-29830 allows a remote unauthenticated attacker to disclose or tamper with sensitive information.
Yes, Mitsubishi Electric has released a security advisory with mitigation measures for CVE-2022-29830. Please refer to the official Mitsubishi Electric PSIRT website for the latest information and guidance.