Mitsubishi Electric FREQSHIP-mini for Windows

Plan Patch | CVSS 8.8 | ICS-CERT ICSA-26-034-01 | Feb 3, 2026
Mitsubishi Electric | Energy
Attack path
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

FREQSHIP-mini for Windows versions 8.0.0 through 8.0.2 contain a file permission vulnerability (CWE-276) that allows a local user with non-administrator privileges to access, modify, or delete system information, or cause a denial-of-service condition. The vulnerability is local-access only and requires an attacker to have a user account on the affected Windows PC.

What this means
What could happen
An attacker with local access to a PC running FREQSHIP-mini could read, modify, or delete files on the system, or crash the application and disrupt operations that depend on this frequency control software.
Who's at risk
Energy utilities and manufacturing facilities using Mitsubishi Electric FREQSHIP-mini for Windows (versions 8.0.0–8.0.2) to manage frequency control or power distribution need to patch or isolate affected systems. Any organization running this software on workstations or servers connected to networks should prioritize access controls.
How it could be exploited
An attacker with local user access (non-administrator) to the Windows PC running FREQSHIP-mini can exploit file permission issues to gain unauthorized access to system resources or modify application data. Physical access to the network segment hosting the PC also creates risk if remote login controls are not properly configured.
Prerequisites
  • Local user account on the Windows PC running FREQSHIP-mini
  • Network access to the PC if remote login is enabled
  • Physical access to the network if network segmentation is not in place
Tags: local access required, low complexity exploit, file permission issues, affects frequency control operations
Exploitability
Unlikely to be exploited — EPSS score 0.0%
Affected products (1)
Product: FREQSHIP-mini for Windows
Affected Versions: ≥ 8.0.0, ≤ 8.0.2
Fix Status: 8.1.0+
Remediation & Mitigation
Do now
  • WORKAROUND: Restrict remote login to administrator accounts only, and block all remote logins from untrusted networks
  • HARDENING: Implement firewall rules to limit network access to PCs running FREQSHIP-mini, or isolate them to a local network segment only
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HOTFIX: Update FREQSHIP-mini for Windows to version 8.1.0 or later
  • HARDENING: Deploy and maintain current antivirus software on all PCs running FREQSHIP-mini
Long-term hardening
  • HARDENING: Restrict physical access to PCs running FREQSHIP-mini and their network connections to authorized personnel only
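
Because the flaw is a file permission weakness (CWE-276), a defender can check which files in the application's directory tree are writable by ordinary users. The PowerShell below is an added example, not part of the advisory or any Mitsubishi Electric tooling. The advisory does not name the affected paths, so `$Path` is a placeholder, and the list of groups treated as "non-administrator" is an assumption of this example.

```powershell
# Added example: lists ACEs that let broad non-administrator groups change or
# delete content under one directory tree. $Path is a placeholder value.
param([string]$Path = 'C:\PLACEHOLDER\FREQSHIP-mini')

# Rights that allow modifying or deleting content.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Raw GENERIC_WRITE / GENERIC_ALL bits, which some ACEs carry unmapped.
$genericMask = 0x40000000 -bor 0x10000000
$inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly

# Well-known SIDs of broad groups (assumption: these stand in for "any local user").
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-4'      = 'INTERACTIVE'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

function Get-BroadWriteAce {
    param([Parameter(Mandatory)][string]$Root)
    $items = @(Get-Item -LiteralPath $Root -Force) +
             @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue)
    foreach ($item in $items) {
        try { $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop }
        catch { Write-Warning "Cannot read ACL: $($item.FullName)"; continue }
        # Ask for SIDs rather than account names so the match is locale-independent.
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($ace in $rules) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            # Inherit-only ACEs apply to children, not to this object itself.
            if (([int]$ace.PropagationFlags -band $inheritOnly) -ne 0) { continue }
            $sid = $ace.IdentityReference.Value
            if (-not $broadSids.ContainsKey($sid)) { continue }
            $rights = [int]$ace.FileSystemRights
            if ((($rights -band $writeMask) -ne 0) -or (($rights -band $genericMask) -ne 0)) {
                [pscustomobject]@{
                    Path      = $item.FullName
                    Principal = $broadSids[$sid]
                    Rights    = $ace.FileSystemRights
                    Inherited = $ace.IsInherited
                }
            }
        }
    }
}

Get-BroadWriteAce -Root $Path | Sort-Object Path, Principal | Format-Table -AutoSize -Wrap
```

Run it from an elevated session so every ACL in the tree is readable; an empty result means none of the listed groups hold write or delete rights there.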