CVE-2022-29832: CWE-316 Cleartext Storage of Sensitive Information in Memory in Mitsubishi Electric Corporation GX Works3

Severity: Medium
Published: Thu Nov 24 2022 (11/24/2022, 23:37:41 UTC)
Source: CVE
Vendor/Project: Mitsubishi Electric Corporation
Product: GX Works3

Description

Cleartext Storage of Sensitive Information in Memory vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later, GX Works2 all versions and GX Developer versions 8.40S and later allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users could obtain information about the project file for MELSEC safety CPU modules or project file for MELSEC Q/FX/L series with security setting.

AI-Powered Analysis

Last updated: 06/24/2025, 14:40:28 UTC

Technical Analysis

CVE-2022-29832 is a vulnerability identified in Mitsubishi Electric Corporation's GX Works3 software (version 1.015R and later), GX Works2 (all versions), and GX Developer (versions 8.40S and later). The vulnerability is classified under CWE-316, which pertains to the cleartext storage of sensitive information in memory. Specifically, this flaw allows a remote, unauthenticated attacker to access sensitive information related to project files for MELSEC safety CPU modules or MELSEC Q/FX/L series with security settings. The vulnerability arises because sensitive data is stored in memory without encryption or adequate protection, making it accessible to attackers who can remotely interact with the affected software. Since the attacker does not require authentication, the attack surface is significantly increased, allowing potential disclosure of critical project configuration files that could reveal operational details or security settings of industrial control systems (ICS). The vulnerability does not currently have known exploits in the wild, but the risk remains due to the nature of the exposed information and the lack of authentication barriers. The affected software is widely used in industrial automation environments, particularly in manufacturing and critical infrastructure sectors, where Mitsubishi Electric's MELSEC series PLCs are deployed. The exposure of project files could facilitate further targeted attacks, including manipulation of control logic or disruption of industrial processes.

Potential Impact

For European organizations, especially those operating in manufacturing, energy, transportation, and critical infrastructure sectors, this vulnerability poses a significant risk. Disclosure of sensitive project files could lead to unauthorized insight into control logic and safety configurations, potentially enabling attackers to craft sophisticated attacks that disrupt operations or cause physical damage. The lack of authentication requirement means that attackers could exploit this vulnerability remotely, increasing the risk of widespread impact. Organizations relying on Mitsubishi Electric's GX Works3, GX Works2, or GX Developer software for programming and maintaining MELSEC PLCs could face operational downtime, safety incidents, or intellectual property theft. Given the strategic importance of industrial automation in Europe's economy and critical infrastructure, exploitation could have cascading effects on supply chains and public safety. Although no exploits are currently known in the wild, the vulnerability's medium severity rating and the critical nature of the affected systems warrant proactive mitigation to prevent potential exploitation.

Mitigation Recommendations

1. Apply patches or updates from Mitsubishi Electric as soon as they are released; the current information indicates that no patch links are available yet.
2. Implement network segmentation to isolate engineering workstations running GX Works3, GX Works2, or GX Developer from untrusted networks, limiting remote access possibilities.
3. Enforce strict access controls and monitoring on systems used for programming MELSEC PLCs, including multi-factor authentication and least-privilege principles. The vulnerability itself does not require authentication, but these controls reduce the overall attack surface.
4. Employ intrusion detection and prevention systems (IDPS) with signatures or heuristics tailored to detect anomalous access patterns or attempts to read memory regions associated with the affected software.
5. Conduct regular security audits and memory analysis on engineering systems to detect unauthorized access or memory dumps that could indicate exploitation attempts.
6. Educate operational technology (OT) and IT staff about this vulnerability and the importance of securing engineering environments.
7. Where feasible, restrict remote access to engineering workstations via VPNs with strong encryption and endpoint security controls.
8. Maintain comprehensive backups of project files and configurations to enable rapid recovery in case of compromise.

Technical Details

Data Version: 5.1
Assigner Short Name: Mitsubishi
Date Reserved: 2022-04-27T20:47:43.445Z
CISA Enriched: true

Threat ID: 682d983ec4522896dcbf0088

Added to database: 5/21/2025, 9:09:18 AM

Last enriched: 6/24/2025, 2:40:28 PM

Last updated: 8/15/2025, 9:32:15 AM
