CVE-2022-29825
Last modified
CVE-2022-29825 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. Use of Hard-coded Password vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.090U, GT Designer3 Version1 (GOT2000) versions from 1.122C to 1.290C, and MT Works2 versions from 1.100E to 1.200J allows an unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users may view programs and project files or execute programs illegally.. EPSS estimates a 0.46% chance of exploitation in the next 30 days.
Description
Use of Hard-coded Password vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.090U, GT Designer3 Version1 (GOT2000) versions from 1.122C to 1.290C, and MT Works2 versions from 1.100E to 1.200J allows an unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users may view programs and project files or execute programs illegally.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mitsubishielectric | Gx Works3 | >= 1.000a, <= 1.011m |
| Mitsubishielectric | Gx Works3 | >= 1.015r, <= 1.086q |
| Mitsubishielectric | Gx Works3 | >= 1.087r |
References
- https://jvn.jp/vu/JVNVU97244961/index.htmlThird Party Advisory, VDB Entry
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdfMitigation, Vendor Advisory
- https://jvn.jp/vu/JVNVU97244961/index.htmlThird Party Advisory, VDB Entry
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdfMitigation, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-29825?
How severe is CVE-2022-29825?
How do I fix CVE-2022-29825?
Are you affected by CVE-2022-29825?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST