Fuji Electric FRENIC-Loader 4

Plan Patch7.8ICS-CERT ICSA-25-245-02Sep 2, 2025

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

FRENIC-Loader 4 versions prior to 1.4.0.1 contain an insecure deserialization vulnerability (CWE-502) that allows arbitrary code execution. The vulnerability requires local access to the machine running FRENIC-Loader 4 and user interaction to trigger the malicious object load. Successful exploitation could allow an attacker to execute arbitrary code with the privileges of the user running the application, potentially compromising drive configuration and control parameters in Fuji Electric motor drive systems used in industrial processes.

What this means

What could happen

An attacker with local access to a machine running FRENIC-Loader 4 could execute arbitrary code, potentially gaining control of the configuration and operation of Fuji Electric motor drives and drive systems used in industrial processes.

Who's at risk

Energy sector operators using Fuji Electric FRENIC motor drives and variable frequency drives (VFDs) should prioritize this. This affects anyone who uses FRENIC-Loader 4 for drive configuration and parameter management on engineering workstations or maintenance systems.

How it could be exploited

An attacker must first gain local access to a workstation or engineering system running FRENIC-Loader 4 (via USB, shared drive, or compromised local user account). Once local access is obtained, the attacker can exploit the insecure deserialization flaw to inject and execute arbitrary code with the privileges of the user running the application.

Prerequisites

Local access to machine running FRENIC-Loader 4
User interaction required (attacker must trigger application to load malicious serialized object)
No elevated privileges required

Local access required (reduces attack surface compared to remote)User interaction needed (reduces likelihood)No authentication bypassDeserialization vulnerability (CWE-502, commonly exploitable)Affects drive configuration tools (could alter motor speeds, torque limits, safety parameters)

Exploitability

Low exploit probability (EPSS 0.3%)

Affected products (1)

ProductAffected VersionsFix Status

FRENIC-Loader 4: <1.4.0.1<1.4.0.11.4.0.1

Remediation & Mitigation

0/4

Do now

0/2

HARDENINGRestrict local access to machines running FRENIC-Loader 4; limit engineering workstation access to authorized personnel only

HARDENINGImplement USB restrictions and endpoint detection controls on engineering workstations to prevent unauthorized code execution

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate FRENIC-Loader 4 to version 1.4.0.1 or later

Long-term hardening

0/1

HARDENINGIsolate engineering workstations and configuration systems from general office networks and the internet using network segmentation

CVEs (1)

CVE-2025-9365

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/af0b2ae1-fa7e-44a6-81ff-69b2ad45afde