CVE-2025-3784: CWE-312 Cleartext Storage of Sensitive Information in Mitsubishi Electric Corporation GX Works2
Cleartext Storage of Sensitive Information Vulnerability in GX Works2 all versions allows an attacker to disclose credential information stored in plaintext from project files. As a result, the attacker may be able to open project files protected by user authentication using disclosed credential information, and obtain or modify project information.
AI Analysis
Technical Summary
CVE-2025-3784 is a vulnerability classified under CWE-312 (Cleartext Storage of Sensitive Information) affecting all versions of Mitsubishi Electric Corporation's GX Works2 software, a widely used programming environment for Mitsubishi PLCs (Programmable Logic Controllers). The vulnerability arises because GX Works2 stores credential information in project files without encryption or adequate protection, leaving sensitive data exposed in cleartext. An attacker with local access and low privileges can extract these credentials directly from the project files. With the disclosed credentials, the attacker can bypass user authentication mechanisms designed to protect project files, enabling unauthorized opening, viewing, or modification of project configurations. This can compromise the integrity of industrial control processes managed by the PLCs programmed via GX Works2. The vulnerability does not require user interaction and has a CVSS 3.1 base score of 5.5, indicating a medium severity primarily due to the confidentiality impact. The attack vector is local (AV:L), requiring low privileges (PR:L), and no user interaction (UI:N). Although no exploits are currently known in the wild, the risk remains significant given the critical nature of industrial control systems and the potential for sabotage or operational disruption if project files are altered maliciously. The vulnerability is present in all versions of GX Works2, emphasizing the need for immediate attention from users of this software.
Potential Impact
For European organizations, especially those operating in manufacturing, energy, and critical infrastructure sectors relying on Mitsubishi Electric's GX Works2 for PLC programming, this vulnerability poses a risk of unauthorized disclosure of sensitive credentials. Such exposure can lead to unauthorized access to project files, allowing attackers to alter control logic or configurations, potentially causing operational disruptions, safety hazards, or production downtime. The confidentiality breach could also facilitate further lateral movement within industrial networks. Given the critical role of PLCs in industrial automation, exploitation could impact availability indirectly through sabotage or misconfiguration. The medium severity score reflects that while the vulnerability does not directly affect system availability or integrity, the compromise of credentials can lead to significant downstream consequences. European organizations with lax local access controls or insufficient file protection mechanisms are particularly vulnerable. The absence of known exploits suggests a window for proactive mitigation before active exploitation occurs.
Mitigation Recommendations
To mitigate CVE-2025-3784, European organizations should implement the following specific measures:
1) Restrict local access to systems running GX Works2 to authorized personnel only, employing strong physical and logical access controls.
2) Encrypt or securely store project files containing credentials using filesystem-level encryption or secure vault solutions to prevent plaintext exposure.
3) Regularly audit and monitor access to project files for unauthorized attempts or anomalies.
4) Implement strict user privilege management to limit the number of users with access to sensitive project files and credentials.
5) Use network segmentation to isolate engineering workstations running GX Works2 from broader enterprise and internet-facing networks.
6) Maintain an inventory of all GX Works2 installations and ensure that any future patches or updates addressing this vulnerability are applied promptly once available.
7) Educate engineering and operational staff on the risks of credential exposure and enforce policies against storing sensitive information in unprotected files.
8) Consider employing application whitelisting and endpoint detection solutions to detect unauthorized access or modification attempts on project files.
These targeted actions go beyond generic advice by focusing on protecting the cleartext credential storage vector and limiting attacker access.
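For the audit-and-monitor measure, one way to review file-access audit events for project-file reads that do not come from the engineering tool or from an engineering account. This is an added example, not part of the advisory or of Mitsubishi Electric's tooling; the `.gxw` extension, the JSON-lines export of Windows Security event 4663, the account names and the placeholder executable path are assumptions.

```python
import json

# Assumptions, not from the advisory: projects end in .gxw, object-access
# auditing (Windows Security event 4663) is enabled on the project folders,
# and events are exported one JSON object per line with the 4663 field names.
PROJECT_EXT = ".gxw"
ALLOWED_USERS = {"eng.tanaka", "eng.muller"}            # constructed names
ALLOWED_PROCESSES = {r"c:\placeholder\gxworks2.exe"}    # placeholder path
FILE_READ_DATA = 0x1                                    # AccessMask bit

# Constructed sample events, not real telemetry.
SAMPLE_EVENTS = r"""
{"EventID": 4663, "TimeCreated": "2025-12-01T08:02:11Z", "SubjectUserName": "eng.tanaka", "ProcessName": "C:\\Placeholder\\GXWorks2.exe", "ObjectName": "D:\\Projects\\line1.gxw", "AccessMask": "0x1"}
{"EventID": 4663, "TimeCreated": "2025-12-01T23:14:40Z", "SubjectUserName": "svc.backup", "ProcessName": "C:\\Windows\\System32\\Robocopy.exe", "ObjectName": "D:\\Projects\\line1.gxw", "AccessMask": "0x1"}
{"EventID": 4663, "TimeCreated": "2025-12-02T09:30:05Z", "SubjectUserName": "eng.muller", "ProcessName": "C:\\Windows\\System32\\notepad.exe", "ObjectName": "D:\\Projects\\press2.gxw", "AccessMask": "0x1"}
{"EventID": 4663, "TimeCreated": "2025-12-02T09:41:00Z", "SubjectUserName": "eng.tanaka", "ProcessName": "C:\\Placeholder\\GXWorks2.exe", "ObjectName": "D:\\Projects\\press2.gxw", "AccessMask": "0x2"}
{"EventID": 4663, "TimeCreated": "2025-12-02T10:00:00Z", "SubjectUserName": "guest1", "ProcessName": "C:\\Windows\\explorer.exe", "ObjectName": "D:\\Projects\\readme.txt", "AccessMask": "0x1"}
"""

def suspicious_reads(lines):
    """Return project-file read events from unexpected users or processes."""
    findings = []
    for line in lines.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        if ev.get("EventID") != 4663:
            continue
        if not ev.get("ObjectName", "").lower().endswith(PROJECT_EXT):
            continue
        # The exposure is a read of the file contents, so writes are ignored here.
        if not int(ev.get("AccessMask", "0x0"), 16) & FILE_READ_DATA:
            continue
        reasons = []
        if ev.get("SubjectUserName", "").lower() not in ALLOWED_USERS:
            reasons.append("user not allowlisted")
        if ev.get("ProcessName", "").lower() not in ALLOWED_PROCESSES:
            reasons.append("unexpected process")
        if reasons:
            findings.append({"time": ev.get("TimeCreated"),
                             "user": ev.get("SubjectUserName"),
                             "process": ev.get("ProcessName"),
                             "file": ev.get("ObjectName"),
                             "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in suspicious_reads(SAMPLE_EVENTS):
        print(f["time"], f["user"], f["file"], "; ".join(f["reasons"]))
```

A read by an allowlisted engineer through a different process is still reported, because the stored credentials are readable by any program that can open the file.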
Affected Countries
Germany, France, Italy, United Kingdom, Netherlands, Belgium, Poland, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: Mitsubishi
- Date Reserved: 2025-04-18T02:21:50.076Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 6927d764d4a4bdffcb26cfeb
Added to database: 11/27/2025, 4:45:24 AM
Last enriched: 12/11/2025, 7:07:47 AM
Last updated: 1/11/2026, 12:48:27 PM