{ "document": { "acknowledgments": [ { "names": [ "Jiho Shin" ], "organization": "Sungkyunkwan University", "summary": "reporting this vulnerability to Mitsubishi Electric" }, { "organization": "Mitsubishi Electric", "summary": "reporting this vulnerability to CISA" } ], "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Disclosure is not limited", "tlp": { "label": "WHITE", "url": "https://www.cisa.gov/news-events/news/traffic-light-protocol-tlp-definitions-and-usage" } }, "lang": "en-US", "notes": [ { "category": "legal_disclaimer", "text": "This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).", "title": "Legal Notice and Terms of Use" }, { "category": "summary", "text": "Successful exploitation of this vulnerability could open project files protected by user authentication using disclosed credential information, and obtain or modify project information.", "title": "Risk evaluation" }, { "category": "other", "text": "Critical Manufacturing", "title": "Critical infrastructure sectors" }, { "category": "other", "text": "Worldwide", "title": "Countries/areas deployed" }, { "category": "other", "text": "Japan", "title": "Company headquarters location" }, { "category": "general", "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.", "title": "Recommended Practices" }, { "category": "general", "text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. 
Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.", "title": "Recommended Practices" }, { "category": "general", "text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.", "title": "Recommended Practices" }, { "category": "general", "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.", "title": "Recommended Practices" }, { "category": "general", "text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.", "title": "Recommended Practices" }, { "category": "general", "text": "No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. 
This vulnerability is not exploitable remotely.", "title": "Recommended Practices" } ], "publisher": { "category": "coordinator", "contact_details": "central@cisa.dhs.gov", "name": "CISA", "namespace": "https://www.cisa.gov/" }, "references": [ { "category": "self", "summary": "ICS Advisory ICSA-25-338-01 JSON", "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2025/icsa-25-338-01.json" }, { "category": "self", "summary": "ICS Advisory ICSA-25-338-01 - Web Version", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-338-01" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/topics/industrial-control-systems" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/news-events/ics-alerts/ics-alert-10-301-01" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/news-events/news/targeted-cyber-intrusion-detection-and-mitigation-strategies-update-b" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/secure-our-world/teach-employees-avoid-phishing" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/news-events/news/avoiding-social-engineering-and-phishing-attacks" } ], "title": "Mitsubishi Electric GX Works2", "tracking": { "current_release_date": "2025-12-04T07:00:00.000000Z", "generator": { "date": 
"2025-12-04T14:09:57.353243Z", "engine": { "name": "CISA CSAF Generator", "version": "1.0.0" } }, "id": "ICSA-25-338-01", "initial_release_date": "2025-12-04T07:00:00.000000Z", "revision_history": [ { "date": "2025-12-04T07:00:00.000000Z", "legacy_version": "Initial", "number": "1", "summary": "Initial Publication" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "Mitsubishi Electric GX Works2: vers:all/*", "product_id": "CSAFPID-0001" } } ], "category": "product_name", "name": "GX Works2" } ], "category": "vendor", "name": "Mitsubishi Electric" } ] }, "vulnerabilities": [ { "cve": "CVE-2025-3784", "cwe": { "id": "CWE-312", "name": "Cleartext Storage of Sensitive Information" }, "notes": [ { "category": "summary", "text": "An attacker could disclose credential information stored in plaintext from project files. As a result, the attacker may be able to open project files protected by user authentication using disclosed credential information, and obtain or modify project information.", "title": "Vulnerability Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001" ] }, "references": [ { "category": "external", "summary": "www.cve.org", "url": "https://www.cve.org/CVERecord?id=CVE-2025-3784" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/4-0#CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" } ], "remediations": [ { "category": "mitigation", "details": "The fixed version for this vulnerability is currently under development by Mitsubishi Electric. 
Until the fixed version is released, please implement the following mitigations:", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "Use the PCs with the affected product installed in the LAN and block remote logins from untrusted networks, hosts, or users.", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "Block unauthorized access by using a firewall or a virtual private network (VPN), etc., and allow remote logins only for trusted users when connecting the PCs with the affected product installed to the Internet.", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "Restrict physical access to the PCs with the affected product installed, as well as to PCs and network devices that can communicate with those PCs.", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "Install antivirus software on the PCs running the affected product.", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "Encrypt project files when sending or receiving them over the Internet.", "product_ids": [ "CSAFPID-0001" ] }, { "category": "mitigation", "details": "See Mitsubishi Electric's security bulletin for information on the availability of the security updates.", "product_ids": [ "CSAFPID-0001" ], "url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-016_en.pdf" } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "CSAFPID-0001" ] } ] } ] }