Mitsubishi Electric GX Works2 Information Disclosure Vulnerability

A vulnerability allowing information disclosure exists in all versions of Mitsubishi Electric GX Works2. This issue arises from the cleartext storage of sensitive information, specifically credential data, in project files. An attacker could exploit this vulnerability to access project files that are protected by user authentication, using the disclosed credentials to obtain or modify project information.

Impact

Exploitation of this vulnerability could lead to unauthorized access to project files and the ability to modify project information, using disclosed credentials to bypass user authentication.

Remediation

Mitsubishi Electric is currently developing a fixed version for this vulnerability. In the meantime, customers are advised to use the affected product within a trusted LAN, block remote logins from untrusted networks or users, and restrict physical access to the PCs running the affected software. Additionally, project files should be encrypted when sent over the internet.