ICONICS and Mitsubishi Electric HMI SCADA information disclosure | CVE-2022-23129
NAME
ICONICS and Mitsubishi Electric HMI SCADA information disclosure
- Platforms Affected:
Mitsubishi Electric MC Works64
ICONICS GENESIS64
ICONICS Hyper Historian
ICONICS AnalytiX
ICONICS MobileHMI
- Risk Level:
7.7
- Exploitability:
High
- Consequences:
Obtain Information
DESCRIPTION
ICONICS and Mitsubishi Electric HMI SCADA products could allow a remote authenticated attacker to obtain sensitive information, caused by plaintext storage of passwords. By sending a specially crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS 3.0 Information
- Privileges Required: High
- User Interaction: Required
- Scope: Changed
- Access Vector: Local
- Access Complexity: Low
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
- Remediation Level: Official Fix
MITIGATION
Refer to Mitsubishi Security Advisory for patch, upgrade or suggested workaround information. See References.
- Reference Link:
https://iconics.com/Support/CERT
- Reference Link:
https://www.cisa.gov/uscert/ics/advisories/icsa-22-020-01