ID

VAR-202201-0606


CVE

CVE-2022-23129


TITLE

Plaintext storage of important information vulnerability in Mitsubishi Electric MC Works64 and ICONICS GENESIS64

Trust: 0.8

sources: JVNDB: JVNDB-2022-003879

DESCRIPTION

Plaintext Storage of a Password vulnerability in Mitsubishi Electric MC Works64 versions 4.04E (10.95.210.01) and prior and ICONICS GENESIS64 versions 10.90 to 10.97 allows a local authenticated attacker to gain authentication information and to access the database illegally. This is because when configuration information of GridWorX, a database linkage function of GENESIS64 and MC Works64, is exported to a CSV file, the authentication information is saved in plaintext, and an attacker who can access this CSV file can gain the authentication information. Mitsubishi Electric MC Works64 and ICONICS GENESIS64 contain a vulnerability in the plaintext storage of important information. Information may be obtained.

Trust: 1.62

sources: NVD: CVE-2022-23129 // JVNDB: JVNDB-2022-003879

AFFECTED PRODUCTS

vendor: iconics, model: genesis64, scope: lte, version: 10.97

Trust: 1.0

vendor: mitsubishielectric, model: mc works64, scope: lt, version: 10.95.210.01

Trust: 1.0

vendor: iconics, model: genesis64, scope: gte, version: 10.90

Trust: 1.0

vendor: iconics, model: genesis 64, scope: -, version: -

Trust: 0.8

vendor: 三菱電機, model: mc works64, scope: lte, version: 4.04e (10.95.210.01) and earlier

Trust: 0.8

sources: JVNDB: JVNDB-2022-003879 // NVD: CVE-2022-23129

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2022-23129
value: MEDIUM

Trust: 1.8

CNNVD: CNNVD-202201-1795
value: MEDIUM

Trust: 0.6

NVD: CVE-2022-23129
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.8

NVD: CVE-2022-23129
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2022-23129
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-003879 // CNNVD: CNNVD-202201-1795 // NVD: CVE-2022-23129

PROBLEMTYPE DATA

problemtype:CWE-312

Trust: 1.0

problemtype: Plaintext storage of important information (CWE-312) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-003879 // NVD: CVE-2022-23129

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202201-1795

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202201-1795

CONFIGURATIONS

sources: NVD: CVE-2022-23129

PATCH

title: Top Page Mitsubishi Electric Mitsubishi Electric Corporation, url: https://iconics.com/

Trust: 0.8

title: Mitsubishi Electric MC Works64 Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=179834

Trust: 0.6

sources: JVNDB: JVNDB-2022-003879 // CNNVD: CNNVD-202201-1795

EXTERNAL IDS

db: NVD, id: CVE-2022-23129

Trust: 3.2

db: JVN, id: JVNVU95403720

Trust: 2.4

db: ICS CERT, id: ICSA-22-020-01

Trust: 2.4

db: JVNDB, id: JVNDB-2022-003879

Trust: 0.8

db: AUSCERT, id: ESB-2022.0311

Trust: 0.6

db: CS-HELP, id: SB2022012109

Trust: 0.6

db: CNNVD, id: CNNVD-202201-1795

Trust: 0.6

sources: JVNDB: JVNDB-2022-003879 // CNNVD: CNNVD-202201-1795 // NVD: CVE-2022-23129

REFERENCES

url:https://us-cert.cisa.gov/ics/advisories/icsa-22-020-01

Trust: 2.2

url:https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-027_en.pdf

Trust: 1.6

url:https://jvn.jp/vu/jvnvu95403720/index.html

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2022-23129

Trust: 1.4

url:https://jvn.jp/vu/jvnvu95403720/

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-22-020-01

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2022.0311

Trust: 0.6

url:https://vigilance.fr/vulnerability/iconics-genesis64-four-vulnerabilities-37339

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022012109

Trust: 0.6

sources: JVNDB: JVNDB-2022-003879 // CNNVD: CNNVD-202201-1795 // NVD: CVE-2022-23129

CREDITS

ICONICS and Mitsubishi Electric reported these vulnerabilities to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202201-1795

SOURCES

db: JVNDB, id: JVNDB-2022-003879
db: CNNVD, id: CNNVD-202201-1795
db: NVD, id: CVE-2022-23129

LAST UPDATE DATE

2023-03-11T22:22:54.544000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2022-003879, date: 2023-03-10T03:13:00
db: CNNVD, id: CNNVD-202201-1795, date: 2022-02-14T00:00:00
db: NVD, id: CVE-2022-23129, date: 2022-01-27T20:09:00

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2022-003879, date: 2023-03-10T00:00:00
db: CNNVD, id: CNNVD-202201-1795, date: 2022-01-20T00:00:00
db: NVD, id: CVE-2022-23129, date: 2022-01-21T19:15:00