Vulnerability Description
Cleartext Storage of Sensitive Information in Memory vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later, GX Works2 all versions and GX Developer versions 8.40S and later allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users could obtain information about the project file for MELSEC safety CPU modules or project file for MELSEC Q/FX/L series with security setting.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mitsubishielectric | Gx Works3 | >= 1.015r, <= 1.086q |
Related Weaknesses (CWE)
References
- https://jvn.jp/vu/JVNVU97244961Third Party AdvisoryVDB Entry
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-05
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdfMitigationVendor Advisory
- https://jvn.jp/vu/JVNVU97244961Third Party AdvisoryVDB Entry
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-05
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdfMitigationVendor Advisory
FAQ
What is CVE-2022-29832?
CVE-2022-29832 is a vulnerability with a CVSS score of 3.7 (LOW). Cleartext Storage of Sensitive Information in Memory vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later, GX Works2 all versions and GX Developer versions 8.40S and la...
How severe is CVE-2022-29832?
CVE-2022-29832 has been rated LOW with a CVSS base score of 3.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-29832?
Check the references section above for vendor advisories and patch information. Affected products include: Mitsubishielectric Gx Works3.