CVE-2022-25164

🗓️ 24 Nov 2022 23:21:25Reported by MitsubishiType

cve🔗 web.nvd.nist.gov📰️ 10 Media mentions👁 97 Views

CVE-2022-25164 Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works

Reporter	Title	Published	Views	Family All 13
BDU FSTEC	The software for programming Mitsubishi Electric GX Works3 is vulnerable, allowing a intruder to gain access to the CPU module and the OPC UA server module.	29 Dec 202200:00	–	bdu_fstec
Circl	CVE-2022-25164	5 Dec 202212:02	–	circl
CNNVD	Mitsubishi Electric GX Works3 安全漏洞	25 Nov 202200:00	–	cnnvd
Cvelist	CVE-2022-25164	24 Nov 202223:21	–	cvelist
EUVD	EUVD-2022-29907	3 Oct 202520:07	–	euvd
ICS	Mitsubishi Electric FA Engineering Software (Update C)	5 Dec 202207:00	–	ics
NVD	CVE-2022-25164	25 Nov 202200:15	–	nvd
OSV	CVE-2022-25164	25 Nov 202200:15	–	osv
Prion	Information disclosure	25 Nov 202200:15	–	prion
Positive Technologies	PT-2022-6046 · Mitsubishi · Melsec Cpu Module +3	24 Nov 202200:00	–	ptsecurity

NVD

Node

mitsubishielectric gx_works3Range1.000a–1.011m

mitsubishielectric gx_works3Range1.015r–1.086q

mitsubishielectric gx_works3Range1.087r≥

mitsubishielectric mx_opc_ua_module_configurator-rMatch-

[
  {
    "defaultStatus": "unaffected",
    "product": "GX Works3",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "from 1.000A to 1.095Z"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MX OPC UA Module Configurator-R",
    "vendor": "Mitsubishi Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "1.08J and prior"
      }
    ]
  }
]

Source	Link
cisa	www.cisa.gov/uscert/ics/advisories/icsa-22-333-05
jvn	www.jvn.jp/vu/JVNVU97244961/index.html
mitsubishielectric	www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf