PT-2022-6320 · Mitsubishi · Gx Works3

Published: 2022-11-24 · Updated: 2023-06-29 · CVE-2022-29831

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Mitsubishi Electric Corporation GX Works3 versions from 1.015R to 1.095Z

Description

The issue is related to the use of hard-coded passwords in the software, allowing a remote unauthenticated attacker to obtain information about the project file for MELSEC safety CPU modules. This could potentially be exploited by an attacker to gain unauthorized access to sensitive information.

Recommendations

For versions from 1.015R to 1.095Z, consider disabling the use of hard-coded passwords as a temporary workaround until a patch is available. Restrict access to the project file for MELSEC safety CPU modules to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers

BDU:2023-00840
CVE-2022-29831

Affected Products

Gx Works3