Fuji Electric Alpha5

Plan PatchCVSS 7.8ICS-CERT ICSA-22-090-03Mar 31, 2022

Fuji ElectricEnergy

Attack path

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

Fuji Electric Alpha5 versions prior to 4.4 contain memory corruption vulnerabilities (CWE-824, CWE-125, CWE-121, CWE-122) that could allow arbitrary code execution when a user opens a malicious file. The vulnerabilities are triggered through crafted file handling and require user interaction but do not require authentication or network access from the attacker. Successful exploitation could allow code execution on the engineering workstation, potentially enabling modification of control logic or access to sensitive information.

What this means

What could happen

An attacker who tricks a user into opening a malicious file could execute arbitrary code on the Alpha5 engineering workstation, potentially allowing them to alter control logic, modify process setpoints, or disrupt normal plant operations.

Who's at risk

Energy sector operators and engineers who use Fuji Electric Alpha5 version 4.3 or earlier for PLC programming and control logic development. This includes municipal electric utilities and power generation facilities that rely on Alpha5 for industrial control system engineering.

How it could be exploited

The attacker sends a crafted file (likely via email or social engineering) to an engineer or operator with access to the Alpha5 engineering environment. When the user opens the file, memory corruption vulnerabilities (CWE-824, CWE-125, CWE-121, CWE-122) are triggered, allowing code execution on the workstation running Alpha5. From there, the attacker could modify control logic or access sensitive plant information.

Prerequisites

User interaction required: engineer or operator must open a malicious file
Local network access to the Alpha5 engineering workstation
No special privileges or credentials needed from the attacker

Requires user interaction (social engineering via email)Local exploitation only, not remotely exploitableMemory corruption vulnerabilities with high impactNo patch available yet in some versions

Exploitability

Unlikely to be exploited — EPSS score 0.5%

Affected products (1)

ProductAffected VersionsFix Status

Alpha5: All< 4.34.4

Remediation & Mitigation

0/4

Do now

0/2

WORKAROUNDTrain engineers and operators on recognizing phishing emails and suspicious file attachments; establish a policy against opening unsolicited attachments

HARDENINGImplement email filtering and endpoint security tools to block or quarantine suspicious files before they reach users

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade Alpha5 to version 4.4 or later

Long-term hardening

0/1

HARDENINGSegment the engineering network so Alpha5 workstations are isolated from general office email systems where possible

CVEs (5)

CVE-2022-21168 CVE-2022-21202 CVE-2022-24383 CVE-2022-21228 CVE-2022-21214

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/8c82c12c-fa37-4a14-866d-7d23c675af9a

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.