Mitsubishi Electric GX Works2

Status: Monitor | CVSS 5.5 | ICS-CERT ICSA-25-338-01 | Dec 4, 2025
Vendor: Mitsubishi Electric | Sector: Energy
Attack path
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

GX Works2 contains a vulnerability that allows an attacker with local access to open project files protected by user authentication and obtain or modify project information. The weakness is that disclosed credential information can be used to bypass the password protection on engineering projects. This is not remotely exploitable; an attacker must have interactive access to the workstation. Mitsubishi Electric has not released a patch and states that a fixed version is under development. Until it is patched, administrators must implement network and physical access controls to prevent unauthorized local access to engineering workstations.

What this means
What could happen
An attacker with local access to a workstation running GX Works2 could read or modify protected engineering project files without valid credentials, potentially altering control logic or configuration in Mitsubishi industrial systems.
Who's at risk
Engineering teams and operations staff at energy utilities and manufacturing facilities using Mitsubishi Electric GX Works2 for programming PLCs, FX series controllers, and Q series systems. This affects any organization relying on Mitsubishi automation equipment, particularly critical infrastructure in the energy sector where engineering workstations store sensitive control logic.
How it could be exploited
An attacker must first gain local access to a Windows PC running GX Works2 (either physically present or via remote desktop/terminal access). Once on the system, they can open password-protected project files using disclosed credential information, bypassing authentication and accessing sensitive engineering data or modifying control logic configurations.
Prerequisites
  • Local or remote interactive access to the workstation running GX Works2
  • User-level privileges on the Windows system
  • Access to the GX Works2 application or its project file storage
Key points
  • No patch available
  • Affects a critical engineering tool
  • Allows unauthorized access to control logic
  • Local access required, but workstations are often connected to corporate networks
Exploitability
Unlikely to be exploited — EPSS score 0.0%
Affected products (1)
Product | Affected Versions | Fix Status
GX Works2 (vers:all/*) | All versions | No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Restrict physical and remote access to PCs running GX Works2. Block remote desktop logins and terminal access from untrusted networks using Windows firewall rules or network-level VPN restrictions.
HARDENING: Implement network segmentation to isolate engineering workstations from the Internet. Establish a DMZ or air-gapped LAN for GX Works2 systems and block inbound connections from untrusted networks.
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HARDENING: Enable Windows user account access controls and disable anonymous or default accounts on engineering workstations. Require strong authentication (multi-factor authentication if available) for any remote access.
WORKAROUND: Encrypt project files when transmitting them over the Internet or to external parties. Use TLS/SFTP for file transfers and consider full-disk encryption on GX Works2 workstations.
HARDENING: Install and maintain antivirus software on all PCs running GX Works2 to detect unauthorized access attempts and malware that could be used to facilitate local compromise.
HOTFIX: Monitor Mitsubishi Electric security advisories and test any released patch when available. When a fixed version is released, plan a maintenance window to upgrade all affected GX Works2 installations.