Unrated severityNVD Advisory· Published Nov 24, 2022· Updated Apr 25, 2025

CVE-2022-29833

Description

Insufficiently Protected Credentials vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated users could access to MELSEC safety CPU modules illgally.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Insufficiently Protected Credentials in Mitsubishi Electric GX Works3 v1.015R+ allows remote unauthenticated attackers to disclose sensitive information and gain unauthorized access to MELSEC safety CPU modules.

Vulnerability

CVE-2022-29833 is an insufficiently protected credentials vulnerability in Mitsubishi Electric GX Works3 engineering software versions 1.015R and later. Affected versions include 1.015R to 1.087R, 1.090U, 1.095Z, and 1.096A and later. The vulnerability allows an attacker to disclose sensitive credentials stored insecurely by the software [1].

Exploitation

An unauthenticated remote attacker can exploit this vulnerability without any special privileges or user interaction. By sending crafted network requests or leveraging the insufficiently protected credential storage mechanism, the attacker can retrieve sensitive information [1].

Impact

Successful exploitation leads to disclosure of credentials, which can then be used to gain unauthorized access to MELSEC iQ-R/F/L series CPU modules and MELSEC safety CPU modules. This could allow the attacker to view and execute programs or view project files without proper permissions [1].

Mitigation

Mitsubishi Electric recommends updating GX Works3 to the latest version. Fixed versions are available from the vendor. Users should also implement network segmentation and restrict access to the engineering software as a workaround [1].

References

Mitsubishi Electric FA Engineering Software (Update C) | CISA

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Mitsubishielectric/GX Works3llm-fuzzy
Range: >=1.015R
Mitsubishielectric/GX Works2cpe-rescue
Range: 1.015R and later

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-015_en.pdfmitrevendor-advisory
jvn.jp/vu/JVNVU97244961mitregovernment-resource
www.cisa.gov/uscert/ics/advisories/icsa-22-333-05mitregovernment-resource

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000