Mitsubishi Electric GT Designer3 Cleartext Storage of Credentials Vulnerability

A vulnerability allowing information disclosure through cleartext storage of sensitive information has been identified in Mitsubishi Electric GT Designer3 Version 1 (GOT2000) and Version 1 (GOT1000), all versions. This vulnerability allows a local, unauthenticated attacker to retrieve plaintext credentials from the project's file. The extracted credentials could be used to illegitimately control devices in the GOT2000 or GOT1000 series.

Impact

Exploitation of this vulnerability could lead to unauthorized access and control over devices in the GOT2000 or GOT1000 series, using the obtained credentials.

Remediation

Mitsubishi Electric has no plans to release a fixed version for this vulnerability. As a workaround, it is recommended to use the affected product within a trusted local area network, block remote logins from untrusted sources, and employ a firewall or VPN when accessing the internet. Additionally, installing antivirus software and avoiding untrusted files or links can help mitigate the risk.