Fuji Electric FRENIC-Loader 4

CVSS 7.8 | ICS-CERT ICSA-25-245-02 | Sep 2, 2025
Vendor: Fuji Electric | Sector: Energy
Attack path
  • Attack Vector: Local
  • Auth Required: None
  • Complexity: Low
  • User Interaction: Required
Summary

FRENIC-Loader 4 versions before 1.4.0.1 contain a deserialization vulnerability (CWE-502) that allows arbitrary code execution when a user opens a malicious file. The vulnerability is local-only, requiring user interaction to open a crafted project or data file. No remote exploitation is possible. Fuji Electric has released version 1.4.0.1 as a patch.

What this means
What could happen
An attacker with local access to a machine running FRENIC-Loader 4 could execute arbitrary code, potentially allowing them to modify control logic, create backdoors, or disrupt the ability to program or update drive firmware in your facility.
Who's at risk
This affects engineering and programming workstations at energy facilities that use Fuji Electric's FRENIC-Loader 4 software to program and maintain FRENIC drive systems. Staff who work with variable frequency drives or motor control systems should ensure their workstations are updated.
How it could be exploited
An attacker needs to trick a user into opening a malicious file (such as a project file) on a workstation running FRENIC-Loader 4. When the application deserializes the malicious input, arbitrary code is executed with the privileges of the user running the application. No additional network access or credentials are required beyond local file interaction.
Prerequisites
  • Local access to a machine running FRENIC-Loader 4 versions before 1.4.0.1
  • User interaction: victim must open a malicious file in the application
  • No special credentials or elevated privileges required
Key points
  • Local exploitation only (not remotely exploitable)
  • No authentication required
  • Low-complexity attack
  • User interaction required
  • Could compromise drive programming and firmware updates
Exploitability
Unlikely to be exploited — EPSS score 0.3%
Affected products (1)
Product            Affected Versions   Fix Status
FRENIC-Loader 4    <1.4.0.1            Fixed in 1.4.0.1
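The affected range above is "everything below 1.4.0.1", and the practical first step is to find every engineering workstation still inside that range. The script below is an added example written for this advisory, not code from Fuji Electric or ICS-CERT; it assumes an asset inventory exported as CSV with host, product and version columns (the sample rows are constructed, with invented hostnames and versions) and shows the one detail that commonly goes wrong in such sweeps: version strings must be compared numerically, since a plain string compare ranks 1.10.0.0 below 1.4.0.1 and would report a patched host as vulnerable.

```python
"""Sweep an asset inventory for FRENIC-Loader 4 installs below the fixed version.

Added example for this advisory; it is not code from Fuji Electric or
ICS-CERT. The CSV inventory below is constructed sample data: hostnames
and version strings are invented, only the product name and the fixed
version (1.4.0.1) come from the advisory.
"""
import csv
import io
from typing import List, Tuple

PRODUCT = "FRENIC-Loader 4"
FIXED_VERSION = "1.4.0.1"  # first fixed release per ICSA-25-245-02

# Constructed sample inventory (not real hosts); assumed column layout.
SAMPLE_INVENTORY_CSV = """host,product,version
eng-ws-01,FRENIC-Loader 4,1.3.2.0
eng-ws-02,FRENIC-Loader 4,1.4.0.1
eng-ws-03,FRENIC-Loader 4,1.10.0.0
eng-ws-04,FRENIC-Loader 4,1.4
hmi-01,Other Vendor Tool,2.0.0
eng-ws-05,FRENIC-Loader 4,1.4.0.0
"""


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '1.4.0.1' into (1, 4, 0, 1) so comparisons are numeric.

    A string compare would rank '1.10.0.0' below '1.4.0.1' and flag a
    patched host as vulnerable, so every component is compared as an int.
    """
    return tuple(int(part) for part in version.strip().split("."))


def is_affected(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed version is strictly below the fixed version."""
    installed = parse_version(version)
    fixed_t = parse_version(fixed)
    # Pad the shorter tuple with zeros so '1.4' compares as '1.4.0.0'.
    width = max(len(installed), len(fixed_t))
    installed += (0,) * (width - len(installed))
    fixed_t += (0,) * (width - len(fixed_t))
    return installed < fixed_t


def affected_hosts(csv_text: str, product: str = PRODUCT) -> List[str]:
    """Return hostnames with a vulnerable install of the product, sorted."""
    reader = csv.DictReader(io.StringIO(csv_text))
    hosts = []
    for row in reader:
        if row["product"] != product:
            continue  # other software is out of scope for this advisory
        if is_affected(row["version"]):
            hosts.append(row["host"])
    return sorted(hosts)


if __name__ == "__main__":
    for host in affected_hosts(SAMPLE_INVENTORY_CSV):
        print(f"{host}: update {PRODUCT} to {FIXED_VERSION} or later")
```

On the sample data the sweep reports eng-ws-01, eng-ws-04 and eng-ws-05; eng-ws-03 (1.10.0.0) is correctly left out, and a host whose inventory entry has only "1.4" is treated as 1.4.0.0 and therefore still flagged. Version strings with non-numeric suffixes are not handled here and would raise a ValueError, which is the safer failure than silently skipping the row.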
Remediation & Mitigation
Do now
Hardening: Restrict local and physical access to machines running FRENIC-Loader 4 to authorized personnel only
Workaround: Educate users not to open project files or attachments from untrusted sources in FRENIC-Loader 4
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

Hotfix: Update FRENIC-Loader 4 to version 1.4.0.1 or later on all engineering and programming workstations
Long-term hardening
Hardening: Implement file integrity monitoring or application control on workstations running FRENIC-Loader 4 to detect unauthorized code execution