---
title: "Mitsubishi Electric GX Works2 Flaw Exposes Sensitive Data in Plaintext"
short_title: "GX Works2 vulnerability exposes plaintext credentials"
description: "Mitsubishi Electric's GX Works2 software flaw (CVE-2025-3784) stores sensitive data in plaintext, risking unauthorized access. Learn mitigation steps now."
author: "Vitus"
date: 2025-01-24
categories: [Cybersecurity, Vulnerabilities]
tags: [mitsubishi-electric, cve-2025-3784, cleartext-storage, ics-security, critical-manufacturing]
score: 0.75
cve_ids: [CVE-2025-3784]
---

### TL;DR

Mitsubishi Electric’s GX Works2 software is affected by a critical vulnerability (CVE-2025-3784) that stores sensitive information in plaintext. Attackers could exploit this flaw to access or modify project files, compromising industrial control systems (ICS). Mitigation steps are available, but a patch is still under development.

---

### Introduction

Mitsubishi Electric, a global leader in industrial automation, has disclosed a high-severity vulnerability in its GX Works2 software. Tracked as CVE-2025-3784, the flaw involves the cleartext storage of sensitive information, exposing project files to unauthorized access. This vulnerability poses significant risks to organizations in the critical manufacturing sector, where GX Works2 is widely deployed for programming and managing industrial control systems (ICS).

---

### Key Points

- Vulnerability: Cleartext storage of sensitive information (CWE-312) in GX Works2 project files.
- Impact: Attackers can disclose credentials, access protected project files, and modify critical data.
- CVSS Scores:
  - CVSS v3.1: 5.5 (Medium Severity)
  - CVSS v4.0: 6.8 (Medium Severity)
- Affected Products: All versions of GX Works2.
- Mitigation: No patch available yet, but Mitsubishi Electric recommends implementing network security measures and encrypting project files.

---

### Technical Details

#### Affected Products
The vulnerability impacts all versions of Mitsubishi Electric’s GX Works2 software, a widely used tool for programming and configuring programmable logic controllers (PLCs) in industrial environments.

#### Vulnerability Overview
The flaw (CVE-2025-3784) stems from the cleartext storage of sensitive information in project files. This means that credentials and other critical data are stored without encryption, making them easily accessible to attackers. Exploitation could allow unauthorized users to:
- Disclose credential information from project files.
- Open project files protected by user authentication.
- Obtain or modify project information, potentially disrupting industrial operations.

#### CVSS Analysis
- CVSS v3.1 Base Score: 5.5 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
  - Attack Vector (AV): Local
  - Attack Complexity (AC): Low
  - Privileges Required (PR): Low
  - User Interaction (UI): None
  - Scope (S): Unchanged
  - Confidentiality (C): High
  - Integrity (I): None
  - Availability (A): None

- CVSS v4.0 Base Score: 6.8 (AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N)
  - Attack Vector, Attack Complexity, Privileges Required and User Interaction: as in the v3.1 vector (Local, Low, Low, None)
  - Attack Requirements (AT): None
  - Vulnerable System Confidentiality (VC): High
  - Vulnerable System Integrity (VI) and Availability (VA): None
  - Subsequent System Confidentiality, Integrity and Availability (SC/SI/SA): None
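
Both scores above follow deterministically from their vector strings. The Go program below is an added example, not code from the advisory, from CISA or from Mitsubishi Electric: it implements the CVSS v3.1 base-score formula (metric weights and the Roundup function as given in the specification), parses a vector string, and evaluates the advisory's v3.1 vector. It also handles changed-scope vectors, which the page's vector does not exercise. Function names such as `BaseScore` and `Severity` are this example's own.

```go
package main

import (
	"fmt"
	"math"
	"strings"
)

// Metric weights from the CVSS v3.1 specification. PR has two weights,
// indexed by whether Scope is Unchanged (0) or Changed (1).
var (
	avW  = map[string]float64{"N": 0.85, "A": 0.62, "L": 0.55, "P": 0.2}
	acW  = map[string]float64{"L": 0.77, "H": 0.44}
	uiW  = map[string]float64{"N": 0.85, "R": 0.62}
	ciaW = map[string]float64{"H": 0.56, "L": 0.22, "N": 0}
	prW  = map[string][2]float64{"N": {0.85, 0.85}, "L": {0.62, 0.68}, "H": {0.27, 0.5}}
	// Allowed single-letter values for each base metric; used for validation.
	allowed = map[string]string{"AV": "NALP", "AC": "LH", "PR": "NLH", "UI": "NR",
		"S": "UC", "C": "HLN", "I": "HLN", "A": "HLN"}
)

// roundUp is the specification's Roundup(): the smallest one-decimal value
// greater than or equal to the input, computed on integers to avoid FP drift.
func roundUp(x float64) float64 {
	i := int(math.Round(x * 100000))
	if i%10000 == 0 {
		return float64(i) / 100000
	}
	return (math.Floor(float64(i)/10000) + 1) / 10
}

// BaseScore parses a v3.1 vector (with or without the "CVSS:3.1/" prefix)
// and returns the base score, or an error for a missing or invalid metric.
func BaseScore(vector string) (float64, error) {
	m := map[string]string{}
	for _, part := range strings.Split(strings.TrimPrefix(vector, "CVSS:3.1/"), "/") {
		kv := strings.SplitN(part, ":", 2)
		if len(kv) != 2 {
			return 0, fmt.Errorf("malformed metric %q", part)
		}
		m[kv[0]] = kv[1]
	}
	for k, vals := range allowed {
		v, ok := m[k]
		if !ok || len(v) != 1 || !strings.Contains(vals, v) {
			return 0, fmt.Errorf("missing or invalid metric %s", k)
		}
	}
	changed := m["S"] == "C"

	// Impact sub-score: 1 - product of (1 - weight) over C, I, A.
	iss := 1 - (1-ciaW[m["C"]])*(1-ciaW[m["I"]])*(1-ciaW[m["A"]])
	impact := 6.42 * iss
	if changed {
		impact = 7.52*(iss-0.029) - 3.25*math.Pow(iss-0.02, 15)
	}
	pr := prW[m["PR"]][0]
	if changed {
		pr = prW[m["PR"]][1]
	}
	exploitability := 8.22 * avW[m["AV"]] * acW[m["AC"]] * pr * uiW[m["UI"]]

	if impact <= 0 {
		return 0, nil
	}
	if changed {
		return roundUp(math.Min(1.08*(impact+exploitability), 10)), nil
	}
	return roundUp(math.Min(impact+exploitability, 10)), nil
}

// Severity maps a base score to the qualitative rating used in advisories.
func Severity(score float64) string {
	switch {
	case score == 0:
		return "None"
	case score < 4:
		return "Low"
	case score < 7:
		return "Medium"
	case score < 9:
		return "High"
	default:
		return "Critical"
	}
}

func main() {
	v := "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" // the advisory's v3.1 vector
	s, err := BaseScore(v)
	if err != nil {
		panic(err)
	}
	fmt.Printf("%s -> %.1f (%s)\n", v, s, Severity(s)) // 5.5 (Medium)
}
```

For the advisory's vector the impact sub-score is 6.42 × 0.56 = 3.5952 and exploitability is 8.22 × 0.55 × 0.77 × 0.62 × 0.85 ≈ 1.8346; their sum, 5.4298, rounds up to 5.5. Confidentiality High with Integrity and Availability None is what keeps this in the Medium band despite Low attack complexity.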

---

### Impact Assessment

#### Sectors at Risk
This vulnerability primarily affects the critical manufacturing sector, where GX Works2 is extensively used for automating and managing industrial processes. Organizations relying on this software for PLC programming and configuration are at risk of:
- Unauthorized access to sensitive project files.
- Data manipulation, which could lead to operational disruptions or safety incidents.
- Credential theft, enabling further attacks on industrial networks.

#### Global Reach
Mitsubishi Electric’s products are deployed worldwide, with the company’s headquarters located in Japan. The vulnerability’s impact extends to organizations across North America, Europe, and Asia, where industrial automation systems are prevalent.

---

### Mitigation Steps

Mitsubishi Electric is currently developing a patch to address this vulnerability. In the meantime, organizations are urged to implement the following mitigation measures:

1. Network Security:
   - Restrict access to PCs running GX Works2 to trusted networks and users.
   - Use firewalls or VPNs to block unauthorized remote logins.
   - Allow remote access only for trusted users.

2. Physical Security:
   - Restrict physical access to PCs and network devices that communicate with GX Works2.

3. Endpoint Protection:
   - Install antivirus software on PCs running the affected product.

4. Data Encryption:
   - Encrypt project files when sending or receiving them over the Internet.

5. Monitoring and Response:
   - Follow CISA's recommended practices for ICS security, including [Defense-in-Depth Strategies](https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf).
   - Monitor for suspicious activity and report incidents to CISA for correlation and tracking.
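
The CWE-312 pattern from the Vulnerability Overview and the "encrypt project files" step above are two sides of one design question: what a file looks like when a credential is written into it verbatim, and what it looks like when the file is sealed under an access password so that opening it is an authenticated operation. The Go program below is an added example and not GX Works2's format or Mitsubishi Electric's code: the `Project` struct and its field names are constructed stand-ins, the PBKDF2 iteration count is an assumption to be tuned per machine, and `Seal`/`Open`/`ContainsCleartext` are this example's own names. `CleartextSave` is the vulnerable form; `Seal` is the hardened form (PBKDF2-HMAC-SHA256 key derivation and AES-256-GCM, standard library only), suitable both for storage and for sending a project across a network.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"encoding/json"
	"errors"
)

// Project is a constructed stand-in for a PLC project file; the field names are
// this example's assumptions, not GX Works2's real file format.
type Project struct {
	Name        string `json:"name"`
	PLCAddr     string `json:"plc_addr"`
	PLCPassword string `json:"plc_password"` // a credential the project has to carry
}

// CleartextSave is the CWE-312 pattern the advisory describes: the credential is
// written to disk exactly as entered, so reading the file is enough to recover it.
func CleartextSave(p Project) []byte {
	b, _ := json.Marshal(p)
	return b
}

// pbkdf2SHA256 is PBKDF2-HMAC-SHA256 (RFC 8018), written out so the example
// needs nothing beyond the standard library.
func pbkdf2SHA256(password, salt []byte, iter, keyLen int) []byte {
	var out []byte
	for block := uint32(1); len(out) < keyLen; block++ {
		mac := hmac.New(sha256.New, password)
		mac.Write(salt)
		var idx [4]byte
		binary.BigEndian.PutUint32(idx[:], block)
		mac.Write(idx[:])
		u := mac.Sum(nil)
		t := append([]byte(nil), u...)
		for i := 1; i < iter; i++ {
			mac.Reset()
			mac.Write(u)
			u = mac.Sum(nil)
			for j := range t {
				t[j] ^= u[j]
			}
		}
		out = append(out, t...)
	}
	return out[:keyLen]
}

const kdfIterations = 100000 // assumption: raise until one derivation costs ~100 ms

// Sealed is the hardened layout: salt and nonce in the clear, the whole project
// body (credential included) inside an AES-256-GCM ciphertext keyed from the
// access password. A wrong password fails the GCM tag check, so "open" is a
// real authentication step rather than a flag the reader can ignore.
type Sealed struct {
	Salt       []byte `json:"salt"`
	Nonce      []byte `json:"nonce"`
	Ciphertext []byte `json:"ciphertext"`
}

func newGCM(password string, salt []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(pbkdf2SHA256([]byte(password), salt, kdfIterations, 32))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts a project under accessPassword with a fresh salt and nonce.
func Seal(p Project, accessPassword string) (Sealed, error) {
	r := make([]byte, 28) // 16-byte salt + 12-byte GCM nonce, fresh per file
	if _, err := rand.Read(r); err != nil {
		return Sealed{}, err
	}
	body, err := json.Marshal(p)
	if err != nil {
		return Sealed{}, err
	}
	gcm, err := newGCM(accessPassword, r[:16])
	if err != nil {
		return Sealed{}, err
	}
	return Sealed{Salt: r[:16], Nonce: r[16:], Ciphertext: gcm.Seal(nil, r[16:], body, nil)}, nil
}

// Open decrypts and authenticates; a wrong password or a tampered file is rejected.
func Open(s Sealed, accessPassword string) (Project, error) {
	gcm, err := newGCM(accessPassword, s.Salt)
	if err != nil {
		return Project{}, err
	}
	body, err := gcm.Open(nil, s.Nonce, s.Ciphertext, nil)
	if err != nil {
		return Project{}, errors.New("open project: wrong password or tampered file")
	}
	var p Project
	err = json.Unmarshal(body, &p)
	return p, err
}

// ContainsCleartext is the audit check for files already on disk: does the
// serialised form still carry the secret verbatim?
func ContainsCleartext(file []byte, secret string) bool {
	return bytes.Contains(file, []byte(secret))
}
```

The audit check is the part worth running against an existing project store: a file that fails `ContainsCleartext` for a known PLC password is exactly the exposure the advisory describes, whichever tool wrote it. Note that encrypting under a password only raises the cost of guessing; the network and physical restrictions in steps 1 and 2 remain the controls that keep the file away from an attacker in the first place.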

For updates on the availability of security patches, refer to Mitsubishi Electric’s [security bulletin](https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-016_en.pdf).

---

### Conclusion

The CVE-2025-3784 vulnerability in Mitsubishi Electric’s GX Works2 software highlights the critical importance of secure data storage practices in industrial control systems. While a patch is under development, organizations must act now to implement network security measures, restrict access, and encrypt sensitive data to mitigate risks.

As industrial environments become increasingly connected, vulnerabilities like this underscore the need for proactive cybersecurity strategies to safeguard critical infrastructure. Stay informed, apply mitigations promptly, and monitor for updates from Mitsubishi Electric and CISA.

---

### References

[^1]: CISA. "[ICSA-25-338-01 Mitsubishi Electric GX Works2](https://www.cisa.gov/news-events/ics-advisories/icsa-25-338-01)". Retrieved 2025-01-24.
[^2]: Mitsubishi Electric. "[Security Advisory 2025-016](https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-016_en.pdf)". Retrieved 2025-01-24.
[^3]: MITRE. "[CWE-312: Cleartext Storage of Sensitive Information](https://cwe.mitre.org/data/definitions/312.html)". Retrieved 2025-01-24.