CVE-2022-29830

Severity Score

9.1

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.095Z and Motion Control Setting(GX Works3 related software) versions from 1.000A and later allows a remote unauthenticated attacker to disclose or tamper with sensitive information. As a result, unauthenticated attackers may obtain information about project files illegally.

El uso de una vulnerabilidad de clave criptográfica codificada en Mitsubishi Electric GX Works3 en las versiones 1.000A hasta 1.095Z y la configuración de control de movimiento (software relacionado con GX Works3) de 1.000A y posteriores permite a un atacante remoto no autenticado revelar o alterar información sensible. Como resultado, los atacantes no autenticados pueden obtener información sobre archivos de proyecto de forma ilegal.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-04-27 CVE Reserved
2022-11-24 CVE Published
2024-08-03 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-321: Use of Hard-coded Cryptographic Key
CWE-798: Use of Hard-coded Credentials

CAPEC

References (3)

URL	Tag	Source
https://jvn.jp/vu/JVNVU97244961/index.html	Government Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-05	Government Resource

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf	2023-06-29

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Mitsubishielectric Search vendor "Mitsubishielectric"		Gx Works3 Search vendor "Mitsubishielectric" for product "Gx Works3"				>= 1.000a <= 1.011m Search vendor "Mitsubishielectric" for product "Gx Works3" and version " >= 1.000a <= 1.011m"		-		Affected
Mitsubishielectric Search vendor "Mitsubishielectric"		Gx Works3 Search vendor "Mitsubishielectric" for product "Gx Works3"				>= 1.015r <= 1.086q Search vendor "Mitsubishielectric" for product "Gx Works3" and version " >= 1.015r <= 1.086q"		-		Affected
Mitsubishielectric Search vendor "Mitsubishielectric"		Gx Works3 Search vendor "Mitsubishielectric" for product "Gx Works3"				>= 1.087r Search vendor "Mitsubishielectric" for product "Gx Works3" and version " >= 1.087r"		-		Affected