What is CVE-2022-29832?

CVE-2022-29832 is a vulnerability in Mitsubishi Electric Corporation GX Works3, GX Works2, and GX Developer that allows a remote attacker to disclose sensitive information.

What is the severity of CVE-2022-29832?

The severity of CVE-2022-29832 is medium, with a CVSS score of 6.5.

Which versions of Mitsubishi Electric Corporation GX Works3 are affected by CVE-2022-29832?

Versions 1.015R to 1.086q of Mitsubishi Electric Corporation GX Works3 are affected by CVE-2022-29832.

Is authentication required for an attacker to exploit CVE-2022-29832?

No, authentication is not required for an attacker to exploit CVE-2022-29832.

How can I fix CVE-2022-29832?

To fix CVE-2022-29832, update GX Works3, GX Works2, and GX Developer to versions 1.087r or later.

Vulnerability/
CVE-2022-29832

medium

6.5

CWE

312 316

24/11/2022

3/8/2024

CVE-2022-29832

First published: Thu Nov 24 2022(Updated: )

Cleartext Storage of Sensitive Information in Memory vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later, GX Works2 all versions and GX Developer versions 8.40S and later allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users could obtain information about the project file for MELSEC safety CPU modules or project file for MELSEC Q/FX/L series with security setting.

Credit: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp

Affected Software	Affected Version	How to fix
Mitsubishielectric Gx Works3	>=1.015r<=1.086q
Mitsubishielectric Gx Works3	>=1.087r





Mitsubishi Electric 1.096A and later (affected by CVE-2022-29827, CVE-2022-29828, CVE-2022-29832, CVE-2022-29833)
Mitsubishi Electric MX OPC UA Module Configurator-R: 1.08J and prior (affected by CVE-2022-25164)

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

ICSA-22-333-05

Frequently Asked Questions

What is CVE-2022-29832?
CVE-2022-29832 is a vulnerability in Mitsubishi Electric Corporation GX Works3, GX Works2, and GX Developer that allows a remote attacker to disclose sensitive information.
What is the severity of CVE-2022-29832?
The severity of CVE-2022-29832 is medium, with a CVSS score of 6.5.
Which versions of Mitsubishi Electric Corporation GX Works3 are affected by CVE-2022-29832?
Versions 1.015R to 1.086q of Mitsubishi Electric Corporation GX Works3 are affected by CVE-2022-29832.
Is authentication required for an attacker to exploit CVE-2022-29832?
No, authentication is not required for an attacker to exploit CVE-2022-29832.
How can I fix CVE-2022-29832?
To fix CVE-2022-29832, update GX Works3, GX Works2, and GX Developer to versions 1.087r or later.

collector/nvd-index
agent/weakness
agent/type
agent/first-publish-date
agent/last-modified-date
collector/ics-cert-advisory
source/ICS
agent/software-canonical-lookup
agent/severity
agent/references
agent/author
agent/description
agent/softwarecombine
agent/event
agent/tags
collector/mitre-cve
source/MITRE
vendor/mitsubishielectric
canonical/mitsubishielectric gx works3
version/mitsubishielectric gx works3/1.015r
version/mitsubishielectric gx works3/1.086q
version/mitsubishielectric gx works3/1.087r
vendor/mitsubishi electric
canonical/mitsubishi electric 1.096a and later (affected by cve-2022-29827, cve-2022-29828, cve-2022-29832, cve-2022-29833)
canonical/mitsubishi electric mx opc ua module configurator-r: 1.08j and prior (affected by cve-2022-25164)