PT-2022-19862 · Mitsubishi · Gx Developer, Gx Works2, Gx Works3
Ivan Speziale · Published 2022-11-24 · Updated 2023-05-31
CVE-2022-29832
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Mitsubishi Electric Corporation GX Works3 versions 1.015R and later
Mitsubishi Electric Corporation GX Works2 all versions
Mitsubishi Electric Corporation GX Developer versions 8.40S and later
Description
The issue allows a remote unauthenticated attacker to disclose sensitive information. Unauthenticated users could obtain information about the project file for MELSEC safety CPU modules or project file for MELSEC Q/FX/L series with security setting.
Recommendations
For GX Works3 versions 1.015R and later, update to a version that addresses the Cleartext Storage of Sensitive Information in Memory issue.
For all versions of GX Works2, consider restricting access to sensitive project files until a fix is available.
For GX Developer versions 8.40S and later, avoid storing sensitive information in memory until the issue is resolved.
As a temporary workaround, consider disabling remote access to project files for MELSEC safety CPU modules or MELSEC Q/FX/L series with security setting until a patch is available.
Fix
Cleartext Storage of Sensitive Information
Related Identifiers
Affected Products
Gx Developer
Gx Works2
Gx Works3