This article discusses a vulnerability in Mitsubishi Electricβs GT Designer3 software that allows attackers to obtain plaintext credentials from project files, potentially leading to unauthorized operation of GOT2000 and GOT1000 series devices. Protective measures and best practices are recommended to mitigate the risks associated with this vulnerable software. #CVE-2025-11009 #CWE-312 #MitsubishiElectric #GOT2000 #GOT1000
Keypoints
- The vulnerability affects all versions of Mitsubishi Electric GT Designer3 Version 1 for GOT2000 and GOT1000 series.
- It stems from the cleartext storage of sensitive credentials in project files, making them accessible to attackers.
- The CVE-2025-11009 vulnerability could enable attackers to operate devices illegally with obtained credentials.
- Mitigation measures include network isolation, secure remote access methods, and proper impact analysis.
- No public exploitation has been reported, and the vulnerability is not remotely exploitable but has high attack complexity.
Read More: https://www.cisa.gov/news-events/ics-advisories/icsa-25-350-04