CVE-2022-29830
Severity CVSS v4.0:
Pending analysis
Type:
CWE-321
Use of Hard-coded Cryptographic Key
Publication date:
25/11/2022
Last modified:
07/11/2025
Description
Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.095Z, and Motion Control Setting(GX Works3 related software) versions from 1.000A to 1.065T allows a remote unauthenticated attacker to disclose or tamper with sensitive information. As a result, unauthenticated attackers may obtain information about project files illegally.
Impact
Base Score 3.x
9.10
Severity 3.x
CRITICAL
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:mitsubishielectric:gx_works3:*:*:*:*:*:*:*:* | 1.000a (including) | 1.011m (including) |
| cpe:2.3:a:mitsubishielectric:gx_works3:*:*:*:*:*:*:*:* | 1.015r (including) | 1.086q (including) |
| cpe:2.3:a:mitsubishielectric:gx_works3:*:*:*:*:*:*:*:* | 1.087r (including) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://jvn.jp/vu/JVNVU97244961/index.html
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-05
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf
- https://jvn.jp/vu/JVNVU97244961/index.html
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-05
- https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf