CVE-2022-29830

Severity Score

9.1

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.095Z and Motion Control Setting(GX Works3 related software) versions from 1.000A and later allows a remote unauthenticated attacker to disclose or tamper with sensitive information. As a result, unauthenticated attackers may obtain information about project files illegally.

El uso de una vulnerabilidad de clave criptográfica codificada en Mitsubishi Electric GX Works3 en las versiones 1.000A hasta 1.095Z y la configuración de control de movimiento (software relacionado con GX Works3) de 1.000A y posteriores permite a un atacante remoto no autenticado revelar o alterar información sensible. Como resultado, los atacantes no autenticados pueden obtener información sobre archivos de proyecto de forma ilegal.

*Credits: N/A

CVSS Scores

NISTv3.1 9.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-04-27 CVE Reserved
2022-11-24 CVE Published
2024-06-16 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-321: Use of Hard-coded Cryptographic Key
CWE-798: Use of Hard-coded Credentials

CAPEC

References (3)

URL	Tag	Source
https://jvn.jp/vu/JVNVU97244961/index.html	Government Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-05	Government Resource

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf	2023-06-29

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Mitsubishielectric Search vendor "Mitsubishielectric"		Gx Works3 Search vendor "Mitsubishielectric" for product "Gx Works3"				>= 1.000a <= 1.011m Search vendor "Mitsubishielectric" for product "Gx Works3" and version " >= 1.000a <= 1.011m"		-		Affected
Mitsubishielectric Search vendor "Mitsubishielectric"		Gx Works3 Search vendor "Mitsubishielectric" for product "Gx Works3"				>= 1.015r <= 1.086q Search vendor "Mitsubishielectric" for product "Gx Works3" and version " >= 1.015r <= 1.086q"		-		Affected
Mitsubishielectric Search vendor "Mitsubishielectric"		Gx Works3 Search vendor "Mitsubishielectric" for product "Gx Works3"				>= 1.087r Search vendor "Mitsubishielectric" for product "Gx Works3" and version " >= 1.087r"		-		Affected