1. Home
  2. CVE Database
  3. CVE-2022-23129
MEDIUM · 5.5

CVE-2022-23129

Plaintext Storage of a Password vulnerability in Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior and ICONICS GENESIS64 versions 10.90 to 10.97 allows a local authenticated attac...

Vulnerability Description

Plaintext Storage of a Password vulnerability in Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior and ICONICS GENESIS64 versions 10.90 to 10.97 allows a local authenticated attacker to gain authentication information and to access the database illegally. This is because when configuration information of GridWorX, a database linkage function of GENESIS64 and MC Works64, is exported to a CSV file, the authentication information is saved in plaintext, and an attacker who can access this CSV file can gain the authentication information.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
IconicsGenesis64>= 10.90, <= 10.97
MitsubishielectricMc Works64< 10.95.210.01

Related Weaknesses (CWE)

CWE-312

References

FAQ

What is CVE-2022-23129?

CVE-2022-23129 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Plaintext Storage of a Password vulnerability in Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior and ICONICS GENESIS64 versions 10.90 to 10.97 allows a local authenticated attac...

How severe is CVE-2022-23129?

CVE-2022-23129 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-23129?

Check the references section above for vendor advisories and patch information. Affected products include: Iconics Genesis64, Mitsubishielectric Mc Works64.