CVE-2025-3784 is a vulnerability classified under CWE-312, indicating cleartext storage of sensitive information. It affects all versions of Mitsubishi Electric Corporation's GX Works2, a software suite used for programming and configuring Mitsubishi PLCs (Programmable Logic Controllers) in industrial automation. The vulnerability arises because credential information used for user authentication is stored in plaintext within project files. An attacker who gains local access to these project files can extract the stored credentials without needing to bypass encryption or other protections. With these credentials, the attacker can open project files that are otherwise protected by user authentication, enabling them to view or modify project configurations. The CVSS v3.1 score is 5.5 (medium severity), reflecting that the attack vector is local (AV:L), requires low privileges (PR:L), no user interaction (UI:N), and impacts confidentiality (C:H) but not integrity or availability. The vulnerability does not currently have known exploits in the wild, and no patches have been published. The risk is primarily to confidentiality of sensitive project data and credentials, which could lead to unauthorized access and potential manipulation of industrial control system configurations. This vulnerability highlights the importance of secure credential storage and access control in industrial software environments.

For European organizations, especially those in manufacturing, energy, and critical infrastructure sectors that utilize Mitsubishi Electric's GX Works2 software, this vulnerability poses a risk of unauthorized disclosure of sensitive credential information. Such disclosure could enable attackers to access and modify PLC project files, potentially disrupting industrial processes or causing safety hazards. The confidentiality breach could lead to intellectual property theft or sabotage. Since the vulnerability requires local access, the threat is higher in environments where endpoint security is weak or insider threats exist. The lack of integrity and availability impact reduces the risk of direct operational disruption, but unauthorized modifications could indirectly affect system behavior. European organizations with complex supply chains and automation systems may face increased risk if attackers leverage this vulnerability to move laterally or escalate privileges within industrial networks.

To mitigate this vulnerability, European organizations should implement strict access controls on systems storing GX Works2 project files, ensuring only authorized personnel can access these files. Employing full disk encryption or file-level encryption can protect sensitive data at rest. Organizations should audit and monitor access to project files to detect unauthorized attempts. Since no patches are currently available, consider isolating engineering workstations and limiting network connectivity to reduce exposure. Educate staff about the risks of storing credentials in plaintext and encourage secure credential management practices. Additionally, consider using external credential vaults or password managers instead of relying on software-stored credentials. Regular backups of project files should be maintained to enable recovery from unauthorized modifications. Finally, coordinate with Mitsubishi Electric for updates or patches addressing this vulnerability.