CVE-2022-29833
First published: Thu Nov 24 2022(Updated: )
Insufficiently Protected Credentials vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users could access to MELSEC safety CPU modules illgally.
Credit: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mitsubishi Electric GX Works3 | >=1.015r<=1.086q | |
| Mitsubishi Electric GX Works3 | >=1.087r | |
| Mitsubishi Electric GX Works3: 1.000A to 1.011M (affected by CVE-2022-25164, CVE-2022-29825, CVE-2022-29826, CVE-2022-29827, CVE-2022-29828, CVE-2022-29829, CVE-2022-29830) 1.015R to 1.087R (affected by CVE-2022-25164, CVE-2022-29825, CVE-2022-29826, CVE-2022-29827, CVE-2022-29828, CVE-2022-29829, CVE-2022-29830, CVE-2022-29831, CVE-2022-29832, CVE-2022-29833) 1.090U (affected by CVE-2022-25164, CVE-2022-29825, CVE-2022-29827, CVE-2022-29828, CVE-2022-29829, CVE-2022-29830, CVE-2022-29831, CVE-2022-29832, CVE-2022-29833) --------- Begin Update B Part 1 of 2 --------- 1.095Z (affected by CVE-2022-25164, CVE-2022-29827, CVE-2022-29828, CVE-2022-29830, CVE-2022-29831, CVE-2022-29832, CVE-2022-29833) 1.096A and later (affected by CVE-2022-29827, CVE-2022-29828, CVE-2022-29832, CVE-2022-29833) | ||
| Mitsubishi Electric 1.000A to 1.011M | ||
| Mitsubishi Electric 1.015R to 1.087R (affected by CVE-2022-25164, CVE-2022-29825, CVE-2022-29826, CVE-2022-29827, CVE-2022-29828, CVE-2022-29829, CVE-2022-29830, CVE-2022-29831, CVE-2022-29832, CVE-2022-29833) | ||
| Mitsubishi Electric 1.090U (affected by CVE-2022-25164, CVE-2022-29825, CVE-2022-29827, CVE-2022-29828, CVE-2022-29829, CVE-2022-29830, CVE-2022-29831, CVE-2022-29832, CVE-2022-29833) --------- Begin Update B Part 1 of 2 --------- | ||
| Mitsubishi Electric 1.095Z | ||
| Mitsubishi Electric 1.096A | ||
| Mitsubishi Electric MX OPC UA Module Configurator-R |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Mitsubishi Electric Corporation GX Works3 vulnerability?
The vulnerability ID is CVE-2022-29833.
What is the severity level of CVE-2022-29833?
The severity level of CVE-2022-29833 is medium (6.5).
How does the Insufficiently Protected Credentials vulnerability in Mitsubishi Electric Corporation GX Works3 affect the software?
The vulnerability allows a remote unauthenticated attacker to disclose sensitive information, potentially granting unauthorized access to MELSEC safety CPU modules.
Which versions of Mitsubishi Electric Corporation GX Works3 are affected by CVE-2022-29833?
Versions 1.015R to 1.086q and versions from 1.087r are affected by CVE-2022-29833.
How can I fix the Insufficiently Protected Credentials vulnerability in Mitsubishi Electric Corporation GX Works3?
It is recommended to upgrade to a version that is not affected by the vulnerability. Please refer to the vendor's advisory for specific guidance.
- agent/type
- agent/references
- agent/weakness
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/first-publish-date
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/ics-cert-advisory
- source/ICS
- agent/software-canonical-lookup
- vendor/mitsubishielectric
- canonical/mitsubishi electric gx works3
- version/mitsubishi electric gx works3/1.015r
- version/mitsubishi electric gx works3/1.086q
- version/mitsubishi electric gx works3/1.087r
- vendor/mitsubishi electric
- canonical/mitsubishi electric gx works3: 1.000a to 1.011m (affected by cve-2022-25164, cve-2022-29825, cve-2022-29826, cve-2022-29827, cve-2022-29828, cve-2022-29829, cve-2022-29830) 1.015r to 1.087r (affected by cve-2022-25164, cve-2022-29825, cve-2022-29826, cve-2022-29827, cve-2022-29828, cve-2022-29829, cve-2022-29830, cve-2022-29831, cve-2022-29832, cve-2022-29833) 1.090u (affected by cve-2022-25164, cve-2022-29825, cve-2022-29827, cve-2022-29828, cve-2022-29829, cve-2022-29830, cve-2022-29831, cve-2022-29832, cve-2022-29833) --------- begin update b part 1 of 2 --------- 1.095z (affected by cve-2022-25164, cve-2022-29827, cve-2022-29828, cve-2022-29830, cve-2022-29831, cve-2022-29832, cve-2022-29833) 1.096a and later (affected by cve-2022-29827, cve-2022-29828, cve-2022-29832, cve-2022-29833)
- canonical/mitsubishi electric 1.000a to 1.011m
- canonical/mitsubishi electric 1.015r to 1.087r (affected by cve-2022-25164, cve-2022-29825, cve-2022-29826, cve-2022-29827, cve-2022-29828, cve-2022-29829, cve-2022-29830, cve-2022-29831, cve-2022-29832, cve-2022-29833)
- canonical/mitsubishi electric 1.090u (affected by cve-2022-25164, cve-2022-29825, cve-2022-29827, cve-2022-29828, cve-2022-29829, cve-2022-29830, cve-2022-29831, cve-2022-29832, cve-2022-29833) --------- begin update b part 1 of 2 ---------
- canonical/mitsubishi electric 1.095z
- canonical/mitsubishi electric 1.096a
- canonical/mitsubishi electric mx opc ua module configurator-r