CVE-2025-11009
Unknown Unknown - Not Provided
Cleartext Credential Storage in Mitsubishi GT Designer3 Enables Unauthorized Access

Publication date: 2025-12-17

Last updated on: 2025-12-17

Assigner: Mitsubishi Electric Corporation

Description
Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GT Designer3 Version1 (GOT2000) all versions and Mitsubishi Electric GT Designer3 Version1 (GOT1000) all versions allows a local unauthenticated attacker to obtain plaintext credentials from the project file for GT Designer3. This could allow the attacker to operate illegally GOT2000 series or GOT1000 series by using the obtained credentials.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-17
Last Modified
2025-12-17
Generated
2026-06-16
AI Q&A
2025-12-17
EPSS Evaluated
2026-06-14
NVD
CVE-2025-11009
EUVD
EUVD-2025-203861
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
mitsubishi electric_gt_designer3 *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-312 The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-11009 is an Information Disclosure vulnerability in Mitsubishi Electric's GT Designer3 software for GOT2000 and GOT1000 series. The vulnerability occurs because sensitive user authentication credentials are stored in plaintext within project files. This allows a local unauthenticated attacker who obtains these project files to extract the plaintext credentials, potentially enabling unauthorized operation of the affected devices. [1, 2]

Impact Analysis

This vulnerability can allow an attacker to obtain plaintext credentials from project files and use them to operate GOT2000 or GOT1000 series devices illegally. This unauthorized access could lead to manipulation or control of these devices without permission. The vulnerability has a high confidentiality impact but does not affect integrity or availability. [1, 2]

Detection Guidance

This vulnerability can be detected by inspecting the project files of Mitsubishi Electric GT Designer3 for the presence of plaintext credentials. Since the credentials are stored in cleartext within these project files, you can search for sensitive information by examining the files directly. Specific commands are not provided in the resources, but a general approach would be to use file inspection or text search commands (e.g., grep on Linux or findstr on Windows) to look for credential patterns within the project files. Monitoring network traffic for unauthorized access attempts is also advisable, but no explicit detection commands are given. [1, 2]

Mitigation Strategies

Immediate mitigation steps include: restricting the use of affected GT Designer3 products to trusted LAN environments; blocking remote logins from untrusted networks, hosts, or users; employing firewalls and VPNs when connecting affected PCs to the Internet to prevent unauthorized access; physically restricting access to affected PCs and network devices; installing antivirus software; and avoiding opening untrusted files or clicking on untrusted links. Since no fixed version is planned, these measures help reduce the risk of exploitation. [1, 2]

Compliance Impact

The provided resources do not explicitly discuss the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA. However, since the vulnerability involves cleartext storage of sensitive credentials, it could potentially lead to unauthorized access and information disclosure, which may affect compliance with data protection regulations that require safeguarding sensitive information. No direct statements about compliance impact are given. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-11009. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart