CVE-2022-29828 | Vulnerability Database | Aqua Security

Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A and later allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated attackers may view programs and project file or execute programs illegally.

Weakness

The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.

Affected Software

Name	Vendor	Start Version	End Version
Gx_works3	Mitsubishielectric	1.000a (including)	1.011m (including)
Gx_works3	Mitsubishielectric	1.015r (including)	1.086q (including)
Gx_works3	Mitsubishielectric	1.087r (including)	*

Potential Mitigations

References

https://jvn.jp/vu/JVNVU97244961/index.html
https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-05
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf
https://jvn.jp/vu/JVNVU97244961/index.html
https://www.cisa.gov/uscert/ics/advisories/icsa-22-333-05
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdf

NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-29828
CWE	https://cwe.mitre.org/data/definitions/321.html