Vladimir Nazarov

**Name of the Vulnerable Software and Affected Versions** Mitsubishi Electric GX Works3 versions 1.000A through 1.087R Motion Control Setting (GX Works3 related software) versions 1.000A through 1.042U **Description** The issue allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users may view programs and project files or execute programs illegally. **Recommendations** For Mitsubishi Electric GX Works3 versions 1.000A through 1.087R, update to a version that fixes the Cleartext Storage of Sensitive Information issue. For Motion Control Setting (GX Works3 related software) versions 1.000A through 1.042U, update to a version that fixes the Cleartext Storage of Sensitive Information issue.

**Name of the Vulnerable Software and Affected Versions** Mitsubishi Electric GX Works3 versions from 1.000A and later **Description** The issue allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated attackers may view programs and project files or execute programs illegally. **Recommendations** For Mitsubishi Electric GX Works3 versions from 1.000A and later, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mitsubishi Electric GX Works3 versions from 1.000A and later **Description** The issue allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated attackers may view programs and project files or execute programs illegally. **Recommendations** For versions from 1.000A and later, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mitsubishi Electric GX Works3 versions 1.000A through 1.090U GT Designer3 Version1 (GOT2000) versions 1.122C through 1.290C Motion Control Setting (GX Works3 related software) versions 1.035M through 1.042U **Description** The issue allows a remote unauthenticated attacker to disclose sensitive information due to the use of a hard-coded cryptographic key. This enables unauthenticated users to view programs and project files or execute programs illegally. **Recommendations** For GX Works3 versions 1.000A through 1.090U, update to a version that does not use a hard-coded cryptographic key. For GT Designer3 Version1 (GOT2000) versions 1.122C through 1.290C, update to a version that does not use a hard-coded cryptographic key. For Motion Control Setting (GX Works3 related software) versions 1.035M through 1.042U, update to a version that does not use a hard-coded cryptographic key. As a temporary workaround, consider restricting access to sensitive information and project files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Mitsubishi Electric GX Works3 versions 1.000A through 1.095Z Mitsubishi Electric MX OPC UA Module Configurator-R versions 1.08J and prior **Description** The issue is related to the storage of sensitive information in cleartext, allowing a remote unauthenticated attacker to disclose this information. As a result, attackers can gain unauthorized access to the MELSEC CPU module and the MELSEC OPC UA server module. **Recommendations** For Mitsubishi Electric GX Works3 versions 1.000A through 1.095Z, update to a version that fixes the cleartext storage of sensitive information issue. For Mitsubishi Electric MX OPC UA Module Configurator-R versions 1.08J and prior, update to a version that fixes the cleartext storage of sensitive information issue. As a temporary workaround, consider restricting access to the MELSEC CPU module and the MELSEC OPC UA server module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Mitsubishi Electric GX Works3 versions from 1.000A to 1.090U GT Designer3 Version1 (GOT2000) versions from 1.122C to 1.290C **Description** The issue is related to the use of hard-coded passwords in the software, allowing an unauthenticated attacker to disclose sensitive information. This can result in unauthenticated users being able to view programs and project files or execute programs illegally. The vulnerability can be exploited by a remote attacker to gain access to protected information. **Recommendations** For Mitsubishi Electric GX Works3 versions from 1.000A to 1.090U, consider changing or removing the hard-coded password to prevent unauthorized access. For GT Designer3 Version1 (GOT2000) versions from 1.122C to 1.290C, restrict access to sensitive information and project files until a patch or update is available that addresses the hard-coded password issue. As a temporary workaround, consider disabling any features that rely on the hard-coded password until a secure update is applied.