Mitsubishi Electric GX Works2
Score: 5.5
Advisory: ICS-CERT ICSA-25-338-01
Published: Dec 4, 2025
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
GX Works2 contains an authentication weakness that allows disclosure of credentials stored in project files. Successful exploitation could allow an attacker with local access to open password-protected project files using disclosed credential information and obtain or modify project information. The vulnerability affects all versions of GX Works2.
What this means
What could happen
An attacker with local access to an engineering workstation could bypass password protection on project files and read or modify control logic, potentially allowing unauthorized changes to process parameters or control sequences that affect power generation, distribution, or other critical operations.
Who's at risk
Organizations in the energy sector using Mitsubishi Electric GX Works2 (the engineering software for programming PLCs and industrial controllers) on engineering workstations. This primarily affects utilities and industrial facilities that develop, maintain, or update control logic on Mitsubishi programmable controllers.
How it could be exploited
An attacker must first gain local access to a PC running GX Works2 (e.g., through physical access, USB, or lateral movement after compromising another system). Once on that PC, the attacker uses disclosed credential information to open password-protected project files without entering the correct password, then can read or modify the control logic and configuration stored in those files.
Prerequisites
- Local access to a PC running GX Works2
- Physical access to the engineering workstation or prior compromise of the workstation
- Knowledge of or access to disclosed credential information
- No patch available
- Local access required (limits scope)
- Low EPSS score (0.0%)
- Not actively exploited
- Affects industrial control engineering function
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (1)
Product | Affected Versions | Fix Status
GX Works2 | vers:all/* (All versions) | No fix (EOL)
Remediation & Mitigation
Do now
- HARDENING: Restrict physical access to PCs running GX Works2 and to network devices that can communicate with those PCs
- HARDENING: Block remote logins from untrusted networks using firewall rules or VPN restrictions; allow remote access only for trusted users
- HARDENING: Isolate GX Works2 PCs to a separate engineering LAN and prevent remote connections from the Internet
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- WORKAROUND: Install and maintain antivirus software on all PCs running GX Works2
- WORKAROUND: Encrypt project files when sending or receiving them over the Internet or untrusted networks
- HOTFIX: Monitor Mitsubishi Electric security bulletins and apply vendor-supplied patch when available
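As an added example that is not part of the advisory or of any Mitsubishi Electric guidance, the following PowerShell implements the "block remote logins from untrusted networks" hardening item on a Windows engineering workstation (GX Works2 runs on Windows). It assumes an elevated session with the NetSecurity module available, uses the placeholder subnet 10.10.50.0/24 for the engineering LAN, and names its rule ENG-Allow-RDP-Trusted; both values are assumptions to replace with your own.

```powershell
# Added example (not from the advisory): allow inbound RDP to a GX Works2
# engineering workstation only from a trusted engineering subnet.
# ASSUMPTIONS: run as Administrator on Windows 8 / Server 2012 or later;
# 10.10.50.0/24 and the rule name are placeholders.
$TrustedEngineeringSubnet = '10.10.50.0/24'   # placeholder: your engineering LAN
$RdpPort = 3389

# 1. Make sure anything not explicitly allowed is dropped on every profile.
Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultInboundAction Block

# 2. Disable the built-in "Remote Desktop" allow rules, which accept RDP from
#    any address. Windows evaluates block rules before allow rules, so a
#    blanket block would also cut off the trusted subnet; scoping the allow
#    rule and relying on the default-block policy is the reliable pattern.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' | Disable-NetFirewallRule

# 3. Allow RDP only from the engineering subnet, and never on the Public profile.
New-NetFirewallRule -DisplayName 'ENG-Allow-RDP-Trusted' `
    -Direction Inbound -Protocol TCP -LocalPort $RdpPort `
    -RemoteAddress $TrustedEngineeringSubnet -Action Allow `
    -Profile Domain,Private

# 4. Verify the address scope actually applied to the rule.
Get-NetFirewallRule -DisplayName 'ENG-Allow-RDP-Trusted' |
    Get-NetFirewallAddressFilter |
    Select-Object RemoteAddress
```

The same pattern applies to any other remote-management listener on the workstation (VNC, WinRM): keep the profile default at Block, disable the vendor's open allow rule, and add a single allow rule scoped with -RemoteAddress to the engineering LAN. Pair it with a VPN or jump host for the few users who legitimately need remote access, as the advisory recommends.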
CVEs (1)
API:
/api/v1/advisories/0a1d7a4a-9fff-47df-94e8-41ac3f1006d5