Fuji Electric Alpha7 PC Loader
Low Risk | 3.3 | ICS-CERT ICSA-19-136-02 | May 16, 2019
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
An out-of-bounds read vulnerability (CWE-125) exists in Fuji Electric Alpha7 PC Loader version 1.1 and earlier. Successful exploitation causes the application to crash. The vulnerability is triggered when a user loads a specially crafted file into the loader. It is not remotely exploitable and requires user interaction to trigger.
What this means
What could happen
A local attacker with user interaction could crash the Alpha7 PC Loader application, causing loss of configuration management capability and potential disruption to power system engineering workflows.
Who's at risk
Energy sector organizations using Fuji Electric Alpha7 PC Loader for configuration and maintenance of power system equipment should prioritize this update. The loader is typically used by engineering staff and field technicians managing Fuji Electric control devices.
How it could be exploited
An attacker tricks a user into loading a malicious file into Alpha7 PC Loader on a local machine. The file triggers an out-of-bounds read vulnerability that causes the application to crash, denying access to loader functions.
Prerequisites
- Local access to the machine running Alpha7 PC Loader
- User interaction required (victim must open/load a malicious file)
- No authentication required
low complexity | user interaction required | local access only | denial of service impact
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product | Affected Versions | Fix Status
Alpha7 PC Loader | ≤ 1.1 | 1.2
Remediation & Mitigation
Do now
WORKAROUND: Do not load files from untrusted or unknown sources into Alpha7 PC Loader
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update Alpha7 PC Loader to version 1.2 or later
Long-term hardening
HARDENING: Block or filter suspicious email attachments and warn users about unsolicited file downloads
CVEs (1)
API:
/api/v1/advisories/e849a469-7b79-4c67-b89c-b476c1111462