Summary
Successful exploitation of this vulnerability could allow an attacker obtain plaintext credentials from the project file for GT Designer3, which could result in illegally operating GOT2000 and GOT1000 series devices.
The following versions of Mitsubishi Electric GT Designer3 are affected:
- GT Designer3 Version1 (GOT2000) (CVE-2025-11009)
- GT Designer3 Version1 (GOT1000) (CVE-2025-11009)
| CVSS | Vendor | Equipment | Vulnerabilities |
|---|---|---|---|
| v3 5.1 | Mitsubishi Electric | Mitsubishi Electric GT Designer3 | Cleartext Storage of Sensitive Information |
Background
- Critical Infrastructure Sectors: Critical Manufacturing
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: Japan
Vulnerabilities
CVE-2025-11009
Information Disclosure vulnerability due to Cleartext Storage of Sensitive Information(CWE-312) exists in GT Designer3. GT Designer3 stores credentials and verifies them in plain text, therefore an attacker may be able to obtain plaintext credentials from the project file for GT Designer3. As a result, the attacker may be able to operate illegally GOT2000 series or GOT1000 series by using the obtained credentials.
Affected Products
Mitsubishi Electric GT Designer3
Vendor:
Mitsubishi Electric
Mitsubishi Electric
Product Version:
Mitsubishi Electric GT Designer3 Version1 (GOT2000): vers:all/*, Mitsubishi Electric GT Designer3 Version1 (GOT1000): vers:all/*
Mitsubishi Electric GT Designer3 Version1 (GOT2000): vers:all/*, Mitsubishi Electric GT Designer3 Version1 (GOT1000): vers:all/*
Product Status:
known_affected
known_affected
This article has been indexed from All CISA Advisories
Read the original article: