The issue was discovered during internal penetration testing. Vulnerable versions are Mitsubishi Electric GX Works3 versions 1.015R and later. An attacker can exploit the issue by sending a crafted email message to an employee. MELSEC safety CPU modules could be accessed by the attacker.

Vulnerable / tested versions of the product

CVE-2022-29833 is assigned to Mitsubishi Electric GX Works3 versions 1.015R and later. The issue was discovered during internal penetration testing.

Affected Software: CVE-2022-29833

Mitsubishi Electric GX Works3 versions 1.015R and later are vulnerable. An attacker can exploit the issue by sending a crafted email message to an employee, who will then execute it on their computer using their default credentials for that computer (iTunes, Windows, or some other application). MELSEC safety CPU modules could be accessed by the attacker.

Mitigation

Users of vulnerable versions should apply the latest patch.

Timeline

Published on: 11/25/2022 00:15:00 UTC
Last modified on: 11/28/2022 20:57:00 UTC
