CVE-2022-25164

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-25164
Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.095Z and Mitsubishi Electric MX OPC UA Module Configurator-R versions 1.08J and prior allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated attackers can gain unauthorized access to the MELSEC CPU module and the MELSEC OPC UA server module.

8.6 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://jvn.jp/vu/JVNVU97244961/index.html Third Party Advisory VDB Entry
https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-05
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf Mitigation Vendor Advisory
https://jvn.jp/vu/JVNVU97244961/index.html Third Party Advisory VDB Entry
https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-05
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf Mitigation Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mitsubishielectric:gx_works3:*:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:gx_works3:*:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:gx_works3:*:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:mx_opc_ua_module_configurator-r:-:*:*:*:*:*:*:*
History

21 Nov 2024, 06:51

Type Values Removed Values Added
References () https://jvn.jp/vu/JVNVU97244961/index.html - Third Party Advisory, VDB Entry () https://jvn.jp/vu/JVNVU97244961/index.html - Third Party Advisory, VDB Entry
References () https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-05 - () https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-05 -
References () https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf - Mitigation, Vendor Advisory () https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf - Mitigation, Vendor Advisory
CVSS v2 : unknown
v3 : 7.5 		v2 : unknown
v3 : 8.6

29 Jun 2023, 08:15

Type Values Removed Values Added
Summary Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 all versions and Mitsubishi Electric MX OPC UA Module Configurator-R all versions allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users can gain unauthorized access to the MELSEC CPU module and the MELSEC OPC UA server module. Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.095Z and Mitsubishi Electric MX OPC UA Module Configurator-R versions 1.08J and prior allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated attackers can gain unauthorized access to the MELSEC CPU module and the MELSEC OPC UA server module.

31 May 2023, 09:15

Type Values Removed Values Added
Summary Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 all versions and Mitsubishi Electric MX OPC UA Module Configurator-R all versions allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthorized users can gain unauthorized access to the CPU module and the OPC UA server module. Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 all versions and Mitsubishi Electric MX OPC UA Module Configurator-R all versions allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users can gain unauthorized access to the MELSEC CPU module and the MELSEC OPC UA server module.
References
  • (MISC) https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-05 -

28 Nov 2022, 21:04

Type Values Removed Values Added
References (MISC) https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf - (MISC) https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf - Mitigation, Vendor Advisory
References (MISC) https://jvn.jp/vu/JVNVU97244961/index.html - (MISC) https://jvn.jp/vu/JVNVU97244961/index.html - Third Party Advisory, VDB Entry
CPE cpe:2.3:a:mitsubishielectric:mx_opc_ua_module_configurator-r:-:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:gx_works3:*:*:*:*:*:*:*:*
CWE CWE-312
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.5

25 Nov 2022, 13:59

Type Values Removed Values Added
New CVE
Information

Published : 2022-11-25 00:15

Updated : 2024-11-21 06:51

NVD link : CVE-2022-25164

Mitre link : CVE-2022-25164

CVE.ORG link : CVE-2022-25164

JSON object : View

Products Affected

mitsubishielectric

  • gx_works3
  • mx_opc_ua_module_configurator-r
CWE
CWE-312

Cleartext Storage of Sensitive Information