CVE-2022-29833
First published: Thu Nov 24 2022(Updated: )
Insufficiently Protected Credentials vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users could access to MELSEC safety CPU modules illgally.
Credit: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mitsubishielectric Gx Works3 | >=1.015r<=1.086q | |
| Mitsubishielectric Gx Works3 | >=1.087r | |
| Mitsubishi Electric 1.096A and later (affected by CVE-2022-29827, CVE-2022-29828, CVE-2022-29832, CVE-2022-29833) | ||
| Mitsubishi Electric MX OPC UA Module Configurator-R: 1.08J and prior (affected by CVE-2022-25164) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Mitsubishi Electric Corporation GX Works3 vulnerability?
The vulnerability ID is CVE-2022-29833.
What is the severity level of CVE-2022-29833?
The severity level of CVE-2022-29833 is medium (6.5).
How does the Insufficiently Protected Credentials vulnerability in Mitsubishi Electric Corporation GX Works3 affect the software?
The vulnerability allows a remote unauthenticated attacker to disclose sensitive information, potentially granting unauthorized access to MELSEC safety CPU modules.
Which versions of Mitsubishi Electric Corporation GX Works3 are affected by CVE-2022-29833?
Versions 1.015R to 1.086q and versions from 1.087r are affected by CVE-2022-29833.
How can I fix the Insufficiently Protected Credentials vulnerability in Mitsubishi Electric Corporation GX Works3?
It is recommended to upgrade to a version that is not affected by the vulnerability. Please refer to the vendor's advisory for specific guidance.
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- collector/ics-cert-advisory
- source/ICS
- agent/software-canonical-lookup
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/description
- agent/softwarecombine
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/mitsubishielectric
- canonical/mitsubishielectric gx works3
- version/mitsubishielectric gx works3/1.015r
- version/mitsubishielectric gx works3/1.086q
- version/mitsubishielectric gx works3/1.087r
- vendor/mitsubishi electric
- canonical/mitsubishi electric 1.096a and later (affected by cve-2022-29827, cve-2022-29828, cve-2022-29832, cve-2022-29833)
- canonical/mitsubishi electric mx opc ua module configurator-r: 1.08j and prior (affected by cve-2022-25164)