Summary
Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to, modify, delete, or destroy information stored on the system where the affected product is installed, or cause a denial-of-service condition on the affected system.
The following versions of Mitsubishi Electric FREQSHIP-mini for Windows are affected:
- FREQSHIP-mini for Windows >=8.0.0|<=8.0.2 (CVE-2025-10314)
| CVSS | Vendor | Equipment | Vulnerabilities |
|---|---|---|---|
| v3 8.8 | Mitsubishi Electric | Mitsubishi Electric FREQSHIP-mini for Windows | Incorrect Default Permissions |
Background
- Critical Infrastructure Sectors: Critical Manufacturing, Energy, Information Technology, Healthcare and Public Health, Government Services and Facilities
- Countries/Areas Deployed: Japan
- Company Headquarters Location: Japan
Vulnerabilities
CVE-2025-10314
A malicious code execution vulnerability exists in Mitsubishi’s small-capacity UPS shutdown software, FREQSHIP-mini for Windows, due to incorrect default permissions. A local attacker may be able to execute arbitrary code with system privileges by replacing service executable or DLL files in the installation directory with specially crafted files.
Affected Products
Mitsubishi Electric FREQSHIP-mini for Windows
Mitsubishi Electric
Mitsubishi Electric FREQSHIP-mini for Windows: >=8.0.0|<=8.0.2
known_affected
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: