Fuji Electric FRENIC Devices (Update A)
Act Now · CVSS 9.8 · ICS-CERT ICSA-18-270-03 · Sep 27, 2018
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Buffer overflow vulnerabilities (CWE-121, CWE-125, CWE-126) in FRENIC Loader firmware versions 3.3 through 7.3.4.1a allow unauthenticated remote code execution on FRENIC variable frequency drive controllers. Affected products include FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, and FRENIC-Ace. Successful exploitation could allow an attacker to execute arbitrary commands on the drive, affecting motor control and process availability.
What this means
What could happen
An attacker could execute arbitrary commands on FRENIC variable frequency drives, potentially disrupting motor control, altering process parameters, or halting operations at water pumping stations or electrical distribution systems.
Who's at risk
Water authorities and electric utilities operating Fuji Electric FRENIC variable frequency drives (used to control pump motors, fan motors, and motor loads). Affected models include FRENIC-Mini (C1/C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, and FRENIC-Ace running FRENIC Loader firmware versions 3.3 through 7.3.4.1a.
How it could be exploited
An attacker with network access to an affected FRENIC device could exploit a buffer overflow vulnerability (CWE-121) in the FRENIC Loader firmware to inject and execute arbitrary code remotely without authentication. This could be done via direct network connection if the device is exposed, or through a compromised industrial network.
Prerequisites
- Network connectivity to the FRENIC device on its management or control interface
- No credentials required
Remotely exploitable · No authentication required · Low complexity attack · Critical CVSS (9.8) · Affects industrial motor control equipment
Exploitability
Moderate exploit probability (EPSS 3.5%)
Affected products (1)
Product: FRENIC Loader, FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace - FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace
Affected Versions: ≥ 3.3 | ≤ 7.3.4.1a
Fix Status: Fix available
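The affected range above can be checked against an asset inventory. The following is an added example, not code from the advisory or from Fuji Electric: it flags version strings that fall inside 3.3 through 7.3.4.1a. The function names, host names and inventory are constructed, and the ordering rule (a trailing letter sorts after the same version without one) is an assumption about the vendor's numbering.

```python
import re
from itertools import zip_longest

# Affected range as stated in the advisory, inclusive at both ends.
AFFECTED_MIN, AFFECTED_MAX = "3.3", "7.3.4.1a"

# Dotted numeric version with an optional leading "v" and optional trailing letter.
_VERSION_RE = re.compile(r"^v?(\d+(?:\.\d+)*)([a-z]?)$", re.IGNORECASE)


def parse_version(text):
    """Return (numeric_tuple, letter_suffix); raise ValueError if unparseable."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    numbers = tuple(int(part) for part in match.group(1).split("."))
    return numbers, match.group(2).lower()


def compare(a, b):
    """Return -1, 0 or 1. Missing numeric components count as 0.
    Assumption: "7.3.4.1" < "7.3.4.1a" < "7.3.4.1b"."""
    (nums_a, suf_a), (nums_b, suf_b) = parse_version(a), parse_version(b)
    for x, y in zip_longest(nums_a, nums_b, fillvalue=0):
        if x != y:
            return -1 if x < y else 1
    return (suf_a > suf_b) - (suf_a < suf_b)


def is_affected(version):
    return compare(version, AFFECTED_MIN) >= 0 and compare(version, AFFECTED_MAX) <= 0


def triage(inventory):
    """Map host -> 'affected' | 'not affected' | 'unknown'.
    Unparseable versions are reported as unknown, never silently cleared."""
    result = {}
    for host, version in inventory:
        try:
            result[host] = "affected" if is_affected(version) else "not affected"
        except ValueError:
            result[host] = "unknown"
    return result


# Constructed inventory for illustration only.
SAMPLE = [("eng-ws-01", "7.3.4.1a"), ("eng-ws-02", "v3.3"), ("eng-ws-03", "3.2.9"),
          ("eng-ws-04", "7.3.4.1b"), ("eng-ws-05", "7.3.4.1"), ("eng-ws-06", "n/a")]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as unknown need a manual version check before they are treated as out of scope.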
Remediation & Mitigation
Do now
- HARDENING: Isolate FRENIC devices behind firewalls and restrict network access to only authorized engineering workstations and control systems
- WORKAROUND: Disable remote access to FRENIC devices unless absolutely required for operations; if remote access is necessary, route it through a VPN with current security updates
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Download and install the patched FRENIC Loader firmware from Fuji Electric (link provided in advisory) to replace versions 3.3 through 7.3.4.1a
Long-term hardening
- HARDENING: Implement network segmentation to separate control system networks (where FRENIC devices reside) from business/office networks and the Internet