CVE-2022-29828

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-29828
Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A and later allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated attackers may view programs and project file or execute programs illegally.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://jvn.jp/vu/JVNVU97244961/index.html Third Party Advisory VDB Entry
https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-05
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf Mitigation Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mitsubishielectric:gx_works3:*:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:gx_works3:*:*:*:*:*:*:*:*
cpe:2.3:a:mitsubishielectric:gx_works3:*:*:*:*:*:*:*:*
History

29 Jun 2023, 08:15

Type Values Removed Values Added
Summary Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 all versions allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users may view programs and project file or execute programs illegally. Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A and later allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated attackers may view programs and project file or execute programs illegally.

31 May 2023, 09:15

Type Values Removed Values Added
References
  • (MISC) https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-05 -
Summary Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 all versions allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthorized users may view or execute programs illegally. Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 all versions allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users may view programs and project file or execute programs illegally.
Information

Published : 2022-11-25 00:15

Updated : 2024-02-28 19:51

NVD link : CVE-2022-29828

Mitre link : CVE-2022-29828

CVE.ORG link : CVE-2022-29828

JSON object : View

Products Affected

mitsubishielectric

  • gx_works3
CWE
CWE-798

Use of Hard-coded Credentials

CWE-321

Use of Hard-coded Cryptographic Key


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024