CVE-2022-29829
Description
Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.090U, GT Designer3 Version1 (GOT2000) versions from 1.122C to 1.290C, Motion Control Setting(GX Works3 related software) versions from 1.035M to 1.042U, and MT Works2 versions from 1.100E to 1.200J allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users may view programs and project files or execute programs illegally.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Mitsubishi Electric GX Works3 and other FA engineering products use a hard-coded cryptographic key, allowing remote unauthenticated attackers to disclose sensitive information and execute programs.
Vulnerability
CVE-2022-29829 is a use of hard-coded cryptographic key vulnerability in Mitsubishi Electric FA engineering software. The affected products and versions include GX Works3 versions 1.000A to 1.090U, GT Designer3 Version1 (GOT2000) versions 1.122C to 1.290C, Motion Control Setting (GX Works3 related software) versions 1.035M to 1.042U, and MT Works2 versions 1.100E to 1.200J [1][2]. The vulnerability exists due to the use of a static, embedded cryptographic key that is identical across installations, enabling an attacker to decrypt or forge data without authentication.
Exploitation
An unauthenticated remote attacker can exploit this vulnerability by accessing network communications or project files that are protected using the hard-coded key. No special privileges or user interaction is required. The attacker can retrieve the cryptographic key from the software or documentation and use it to decrypt sensitive information or impersonate legitimate communication [1][2].
Impact
Successful exploitation allows an unauthenticated remote attacker to disclose sensitive information, including viewing programs and project files without authorization. The attacker may also be able to execute programs illegally on the affected systems, leading to compromise of industrial control processes [1][2]. The CVSS v3 base score is 9.1 (Critical) [1].
Mitigation
Mitsubishi Electric has released updates for the affected products. Users should upgrade to the following patched versions or later: GX Works3 version 1.095Z or later (for versions up to 1.090U), GT Designer3 Version1 (GOT2000) version 1.295L or later, Motion Control Setting version 1.043P or later, and MT Works2 version 1.210A or later [1]. Refer to the vendor's security advisory for full details. No workarounds are provided; applying the patches is the recommended mitigation [1][2].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
71.100E to 1.200J+ 1 more
- (no CPE)range: 1.100E to 1.200J
- (no CPE)range: from 1.100E to 1.200J
1.122C to 1.290C+ 1 more
- (no CPE)range: 1.122C to 1.290C
- (no CPE)range: from 1.122C to 1.290C
1.000A to 1.090U+ 1 more
- (no CPE)range: 1.000A to 1.090U
- (no CPE)range: from 1.000A to 1.090U
- Mitsubishi Electric Corporation/Motion Control Setting(GX Works3 related software)v5Range: from 1.035M to 1.042U
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdfmitrevendor-advisory
- jvn.jp/vu/JVNVU97244961/index.htmlmitregovernment-resource
- www.cisa.gov/uscert/ics/advisories/icsa-22-333-05mitregovernment-resource
News mentions
0No linked articles in our index yet.