All news with #fuji electric tag

Fuji Electric Monitouch V-SFT-6 Buffer Overflow Advisory

⚠️ Fuji Electric Monitouch V-SFT-6 (v6.2.7.0) contains two buffer overflow vulnerabilities — a heap-based and a stack-based overflow — triggered by specially crafted project files. Identified as CVE-2025-54496 and CVE-2025-54526, both carry CVSS v3.1 scores of 7.8 and CVSS v4 scores of 8.4. Successful exploitation could crash the HMI and may permit code execution; the vendor issued fixes in V6.2.8.0 and recommends updating to V6.2.9.0 or later.

Fuji Electric FRENIC-Loader 4 Deserialization Vulnerability

⚠️ Fuji Electric's FRENIC-Loader 4 (versions prior to 1.4.0.1) contains a deserialization of untrusted data vulnerability (CVE-2025-9365) that can allow arbitrary code execution when a crafted file is imported. CISA assigns a CVSS v4 base score of 8.4 and reports the issue has low attack complexity but is not remotely exploitable. Researcher kimiya, working with Trend Micro ZDI, reported the flaw. Fuji Electric advises updating to v1.4.0.1 and CISA recommends network segmentation, minimizing exposure, using up-to-date VPNs, and performing impact analysis.

CISA Releases Four ICS Advisories on September 2, 2025

🛡️ CISA released four Industrial Control Systems (ICS) advisories on September 2, 2025, detailing vulnerabilities and recommended mitigations for Delta Electronics EIP Builder, Fuji Electric FRENIC-Loader 4, SunPower PVS6, and an update to Hitachi Energy Relion 670/650 and SAM600-IO Series. Each advisory includes technical analysis, affected versions, and practical guidance to reduce exploitation risk. Administrators and asset owners are urged to review the notices, prioritize affected systems, and apply vendor-recommended mitigations promptly.