Fuji Electric FRENIC Devices (Update A) (ICSA-18-270-03)

February 14, 2019

The NCCIC has updated this advisory with additional information on mitigation measures. This advisory was initially published on September 27, 2018. Read the advisory at NCCIC/ICS-CERT.

September 27, 2018

The NCCIC has released an advisory on buffer over-read, out-of-bounds read, and stack-based buffer overflow vulnerabilities in Fuji Electric FRENIC devices. Multiple versions of the product are affected. Successful exploitation of these vulnerabilities could allow for arbitrary remote code execution affecting the availability of the device. Fuji Electric has stated it is actively working on a resolution to the reported vulnerabilities. The NCCIC indicated it will update its advisory once mitigation efforts have been reported. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities. NCCIC/ICS-CERT.