← Voltar para CVEs
CVE-2025-3784
MEDIUM5.5
Descricao
Cleartext Storage of Sensitive Information Vulnerability in GX Works2 all versions allows an attacker to disclose credential information stored in plaintext from project files. As a result, the attacker may be able to open project files protected by user authentication using disclosed credential information, and obtain or modify project information.
Detalhes CVE
Pontuacao CVSS v3.15.5
SeveridadeMEDIUM
Vetor CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vetor de ataqueLOCAL
ComplexidadeLOW
Privilegios necessariosLOW
Interacao do usuarioNONE
Publicado11/27/2025
Ultima modificacao12/8/2025
Fontenvd
Avistamentos honeypot0
Fraquezas (CWE)
CWE-312
Referencias
https://jvn.jp/vu/JVNVU95288056/(Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp)
https://www.cisa.gov/news-events/ics-advisories/icsa-25-338-01(Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp)
https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-016_en.pdf(Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.