CVE-2022-29830

Name of the Vulnerable Software and Affected Versions Mitsubishi Electric GX Works3 versions from 1.000A to 1.095Z Motion Control Setting(GX Works3 related software) versions from 1.000A and later

Description The issue is related to the use of a hard-coded cryptographic key, allowing a remote unauthenticated attacker to disclose or tamper with sensitive information. This could result in unauthenticated attackers obtaining information about project files illegally. The vulnerability may also allow an attacker to execute arbitrary code by replacing a project file.

Recommendations For Mitsubishi Electric GX Works3 versions from 1.000A to 1.095Z, consider disabling the use of hard-coded cryptographic keys until a patch is available. For Motion Control Setting(GX Works3 related software) versions from 1.000A and later, restrict access to sensitive project files to minimize the risk of exploitation. As a temporary workaround, avoid using the affected software for sensitive projects until the issue is resolved.