PT-2021-13: Access to sensitive PLC information in FX5U(C) CPU and FX5UJ CPU modules FX5U(C) CPU and FX5UJ CPU modules Severity level Severity level: Medium Impact: Access to sensitive PLC information in FX5U(C) CPU and FX5UJ CPU modules Access Vector: Remote CVSS v3.0 Base Score: 6,8 Vector: (AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N) CVE-2022-25160 Vulnerability description:The vulnerability of the FX5U(C) CPU and FX5UJ CPU modules of Mitsubishi Electric FA products is associated with the possibility of access to sensitive PLC information. Exploiting the vulnerability may allow an attacker who has access to the project file to obtain the values of the parameters of the key security mechanism, which are stored in the clear. Advisory status 15.12.2021 - Vendor gets vulnerability details 31.03.2022 - Security advisory publication date (https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2021-031_en.pdf ) Credits The vulnerability was detected by Anton Dorfman and Artur Akhatov (Positive Technologies)