CVE-2022-29825 Vulnerability Details

  /     /     /  

CVE-2022-29825 Metadata Quick Info

CVE Published: 24/11/2022 | CVE Updated: 03/08/2024 | CVE Year: 2022
Source: Mitsubishi | Vendor: Mitsubishi Electric Corporation | Product: GX Works3
Status : PUBLISHED

CVE-2022-29825 Description

Use of Hard-coded Password vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.090U and GT Designer3 Version1 (GOT2000) versions from 1.122C to 1.290C allows an unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users may view programs and project files or execute programs illegally.

Metrics

CVSS Version: 3.1 | Base Score: 5.6 MEDIUM
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

l➤ Exploitability Metrics:
    Attack Vector (AV)* LOCAL
    Attack Complexity (AC)* HIGH
    Privileges Required (PR)* LOW
    User Interaction (UI)* NONE
    Scope (S)* CHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* HIGH
    Integrity Impact (I)* NONE
    Availability Impact (A)* NONE

Weakness Enumeration (CWE)

CWE-ID: CWE-259
CWE Name: CWE-259 Use of Hard-coded Password
Source: Mitsubishi Electric Corporation

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).

Last added CVEs

▸ CVE-2024-9999 ◂
Discovered: 12/11/2024
Status: PUBLISHED
▸ CVE-2024-9997 ◂
Discovered: 29/10/2024
Status: PUBLISHED
▸ CVE-2024-9996 ◂
Discovered: 29/10/2024
Status: PUBLISHED



Tags:
CVE-2022-29825 Vulnerability Details