Mitsubishi Electric GT Designer3
Monitor | CVSS 5.1 | ICS-CERT ICSA-25-350-04 | Dec 16, 2025
Mitsubishi Electric | Energy
Attack path
Attack Vector: Local
Auth Required: None
Complexity: High
User Interaction: None needed
Summary
GT Designer3 Version1 for both the GOT2000 and GOT1000 series stores login credentials in plaintext within project files. An attacker who obtains access to these project files can extract the credentials and use them to remotely access and control the connected operator terminals, potentially allowing unauthorized modification of process setpoints, alarms, or operational logic.
What this means
What could happen
An attacker with access to GT Designer3 project files can extract plaintext credentials embedded in those files, which could then be used to remotely access and control connected GOT2000 and GOT1000 operator terminals, potentially altering process logic or disrupting operations.
Who's at risk
Engineering and operations staff at energy utilities and manufacturing plants using Mitsubishi Electric GT Designer3 to program GOT2000 and GOT1000 operator terminals. This primarily affects HMI/operator interface configuration and plant control engineering workflows.
How it could be exploited
An attacker gains access to a GT Designer3 project file (via email attachment, shared drive, USB media, or by compromising a workstation), opens it with the affected software, and extracts plaintext credentials stored in the project file. These credentials can then be used to log into GOT terminals on the plant network and issue unauthorized commands.
Prerequisites
- Access to a GT Designer3 project file on the engineer's workstation or shared network location
- The project file must contain stored credentials for GOT terminals
- Network connectivity from the attacker's machine to the GOT2000 or GOT1000 devices (either direct or via compromised engineer workstation)
No patch available | Affects engineering workstations in OT environments | Credential theft enables remote control of industrial terminals | Plaintext credential storage
Exploitability
Unlikely to be exploited — EPSS score 0.0%
Affected products (2)
2 EOL
Product | Affected Versions | Fix Status
GT Designer3 Version1 (GOT2000): vers:all/* | All versions | No fix (EOL)
GT Designer3 Version1 (GOT1000): vers:all/* | All versions | No fix (EOL)
Remediation & Mitigation
Do now
- HARDENING: Restrict file sharing and access controls on directories where GT Designer3 project files are stored; limit to engineering staff only
- WORKAROUND: Block remote login to engineer workstations from untrusted networks and external hosts using firewall rules
- HARDENING: Deploy antivirus software on all computers running GT Designer3 to detect malware that may steal project files
- HARDENING: Train engineering staff to avoid opening project files from untrusted sources and suspicious email attachments
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
GT Designer3 Version1 (GOT2000): vers:all/*
- HARDENING: Implement network segmentation to isolate GOT2000 and GOT1000 terminals from the corporate LAN; restrict access to engineering workstations only
- HARDENING: Disable or revoke stored credentials in GOT2000 and GOT1000 terminals; require manual entry of credentials at login or use external authentication (LDAP, RADIUS if supported)
CVEs (1)