PT-2022-4548 · Mitsubishi+1 · Mitsubishi Electric Mc Works64+1

Published: 2022-01-20 · Updated: 2022-01-27 · CVE-2022-23129

CVSS v2.0: 6.8 (Medium)

Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior
ICONICS GENESIS64 versions 10.90 to 10.97

Description

The issue allows a local authenticated attacker to gain authentication information and access the database illegally due to the plaintext storage of a password. This occurs when configuration information of GridWorX, a database linkage function, is exported to a CSV file, saving authentication information in plaintext. An attacker with access to this CSV file can obtain the authentication information.

Recommendations

For Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior, update to a version later than 4.04E (10.95.210.01) to resolve the issue.

For ICONICS GENESIS64 versions 10.90 to 10.97, update to a version later than 10.97 to resolve the issue.

As a temporary workaround, consider restricting access to the GridWorX database linkage function to minimize the risk of exploitation.

Fix

Weakness Enumeration

Cleartext Storage of Sensitive Information

Related Identifiers

BDU:2022-05424
CVE-2022-23129

Affected Products

Iconics Genesis64
Mitsubishi Electric Mc Works64