PT-2022-6046 · Mitsubishi · Mitsubishi Electric MX OPC UA Module Configurator-R +3

Anton Dorfman +3 · Published 2022-11-24 · Updated 2023-06-29 · CVE-2022-25164

CVSS v3.1: 8.6 High

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Mitsubishi Electric GX Works3 versions 1.000A through 1.095Z
Mitsubishi Electric MX OPC UA Module Configurator-R versions 1.08J and prior

Description

The issue is related to the storage of sensitive information in cleartext, allowing a remote unauthenticated attacker to disclose this information. As a result, attackers can gain unauthorized access to the MELSEC CPU module and the MELSEC OPC UA server module.

Recommendations

For Mitsubishi Electric GX Works3 versions 1.000A through 1.095Z, update to a version that fixes the cleartext storage of sensitive information issue. For Mitsubishi Electric MX OPC UA Module Configurator-R versions 1.08J and prior, update to a version that fixes the cleartext storage of sensitive information issue. As a temporary workaround, consider restricting access to the MELSEC CPU module and the MELSEC OPC UA server module to minimize the risk of exploitation.

Fix

Weakness Enumeration

Cleartext Storage of Sensitive Information

Related Identifiers

BDU:2022-07510
CVE-2022-25164

Affected Products

MELSEC CPU Module
MELSEC OPC UA Server Module
Mitsubishi Electric GX Works3
Mitsubishi Electric MX OPC UA Module Configurator-R