Fuji Electric FRENIC Loader

Monitor4.4ICS-CERT ICSA-19-213-02Aug 1, 2019

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

FRENIC Loader 3.5.0.0 and prior contain an out-of-bounds read vulnerability (CWE-125) that allows disclosure of sensitive information when a user interacts with the application. The vulnerability requires local access to the engineering workstation and cannot be exploited remotely. Fuji Electric has released an updated version that corrects this issue.

What this means

What could happen

An attacker with local access to a machine running FRENIC Loader could read sensitive information from memory or files, such as configuration details or credentials used to manage Fuji Electric drive systems.

Who's at risk

Engineers and technicians at power generation and distribution utilities who use FRENIC Loader to configure Fuji Electric variable frequency drives (VFDs) on pump motors, compressors, and other critical equipment. Risk is limited to those with local access to engineering workstations.

How it could be exploited

An attacker must have physical or local access to a workstation running FRENIC Loader (the configuration software for Fuji Electric variable frequency drives). They would interact with the application to trigger the vulnerability and extract information from the process memory or application cache.

Prerequisites

Local access to the workstation running FRENIC Loader
User interaction required (the vulnerability is triggered by user action, not automatic)
FRENIC Loader version 3.5.0.0 or earlier must be installed

Local access required (not remotely exploitable)User interaction requiredLow CVSS severity (4.4)Information disclosure only (no code execution or availability impact)

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (1)

ProductAffected VersionsFix Status

FRENIC Loader: 3.5.0.0 and prior≤ 3.5.0.0Later than 3.5.0.0 (specific version number not provided in advisory)

Remediation & Mitigation

0/3

Do now

0/1

HARDENINGRestrict physical and local network access to engineering workstations running FRENIC Loader; limit user accounts that can log in to these machines

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate FRENIC Loader to a version newer than 3.5.0.0 (Fuji Electric has released a patched version)

Long-term hardening

0/1

HARDENINGIsolate engineering workstations from the business network using a DMZ or separate VLAN; do not allow remote access to these machines without a VPN and multi-factor authentication

CVEs (1)

CVE-2019-13512

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/5f19596c-1797-408f-8f75-35bf670491fa