CVE-2022-25164

Summary

CVE	CVE-2022-25164
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-11-25 00:15:00 UTC
Updated	2023-06-29 08:15:00 UTC
Description	Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.095Z and Mitsubishi Electric MX OPC UA Module Configurator-R versions 1.08J and prior allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated attackers can gain unauthorized access to the MELSEC CPU module and the MELSEC OPC UA server module.

Risk And Classification

Problem Types: CWE-312

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Mitsubishielectric	Gx Works3	All	All	All	All
Application	Mitsubishielectric	Gx Works3	All	All	All	All
Application	Mitsubishielectric	Gx Works3	All	All	All	All
Application	Mitsubishielectric	Mx Opc Ua Module Configurator-r	-	All	All	All

References

Reference	Source	Link	Tags
www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf	MISC	www.mitsubishielectric.com
JVNVU#97244961: 三菱電機製FAエンジニアリングソフトウェア製品における複数の脆弱性	MISC	jvn.jp
Mitsubishi Electric FA Engineering Software \| CISA	MISC	www.cisa.gov
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

591227 Mitsubishi Electric FA Engineering Software GXWorks3 Multiple Vulnerabilities (ICSA-22-333-05)