Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.095Z and Mitsubishi Electric MX OPC UA Module Configurator-R versions 1.08J and prior allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated attackers can gain unauthorized access to the MELSEC CPU module and the MELSEC OPC UA server module.
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Gx_works3 | Mitsubishielectric | 1.000a (including) | 1.011m (including) |
Gx_works3 | Mitsubishielectric | 1.015r (including) | 1.086q (including) |
Gx_works3 | Mitsubishielectric | 1.087r (including) | * |
Mx_opc_ua_module_configurator-r | Mitsubishielectric | - (including) | - (including) |