Cleartext Storage of Sensitive Information in Memory

CVE-2022-29832

Low

3.7/10

Summary

Cleartext Storage of Sensitive Information in Memory vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later, GX Works2 all versions and GX Developer versions 8.40S and later allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users could obtain information about the project file for MELSEC safety CPU modules or project file for MELSEC Q/FX/L series with security setting.

Attack Complexity: HIGH
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-316 - Cleartext Storage of Sensitive Information in Memory

The application stores sensitive information in cleartext in memory.

References

Advisory Timeline

Published Nov 25, 2022

Cleartext Storage of Sensitive Information in Memory

CVE-2022-29832

Summary

CWE-316 - Cleartext Storage of Sensitive Information in Memory

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS