6.5
CVE-2022-29832
- EPSS 0.34%
- Veröffentlicht 25.11.2022 00:15:10
- Zuletzt bearbeitet 21.11.2024 06:59:46
- Quelle Mitsubishielectric.Psirt@yd.Mi
- CVE-Watchlists
- Unerledigt
LoginCleartext Storage of Sensitive Information in Memory vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later, GX Works2 all versions and GX Developer versions 8.40S and later allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users could obtain information about the project file for MELSEC safety CPU modules or project file for MELSEC Q/FX/L series with security setting.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mitsubishielectric ≫ Gx Works3 Version >= 1.015r <= 1.086q
Mitsubishielectric ≫ Gx Works3 Version >= 1.087r
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.34% | 0.56 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp | 3.7 | 2.2 | 1.4 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-312 Cleartext Storage of Sensitive Information
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
CWE-316 Cleartext Storage of Sensitive Information in Memory
The product stores sensitive information in cleartext in memory.