JVN#64883963
Improper file access permission settings in Mitsubishi Small-Capacity UPS Shutdown Software FREQSHIP-mini for Windows
Overview
Mitsubishi Small-Capacity UPS Shutdown Software FREQSHIP-mini for Windows provided by Mitsubishi Electric Corporation is configured with improper file access permission settings.
Products Affected
- Mitsubishi Small-Capacity UPS Shutdown Software FREQSHIP-mini for Windows versions 8.0.0 to 8.0.2
Description
Mitsubishi small-capacity UPS shutdown software FREQSHIP-mini for Windows provided by Mitsubishi Electric Corporation contains the following vulnerability.
- Incorrect default permissions (CWE-276)
- CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.5
- CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score 7.8
- CVE-2025-10314
Impact
An attacker could replace service executables on a Windows system where the product is running, potentially allowing arbitrary code execution with SYSTEM privileges.
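One way to check a host for the condition described under Impact, by listing write-capable ACEs held by ordinary user groups on a service executable and its folder. This is an added example, not code from the advisory or the vendor; the `*FREQSHIP*` match pattern is an assumption about how the service is named or installed, and the script only reads ACLs.

```powershell
# Added example (not vendor code): flag service executables, and their folders,
# that low-privileged principals can modify. Read-only; it changes nothing.
param(
    # Assumption: the product's service name, display name or path contains "FREQSHIP".
    [string]$Pattern = '*FREQSHIP*'
)

# Well-known SIDs that include ordinary local users (locale independent)
$lowPriv = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

# Rights that allow replacing a file, adding/removing files in a folder, or rewriting the ACL
$risky = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, DeleteSubdirectoriesAndFiles, Delete, ChangePermissions, TakeOwnership'
$genericWriteOrAll = 0x50000000   # GENERIC_WRITE | GENERIC_ALL, stored raw in some ACEs

function Get-WeakAce {
    param([string]$Path)
    $acl = Get-Acl -LiteralPath $Path -ErrorAction SilentlyContinue
    if (-not $acl) { return }   # path missing or unreadable
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($ace.PropagationFlags.HasFlag([System.Security.AccessControl.PropagationFlags]::InheritOnly)) { continue }
        $sid = $ace.IdentityReference.Value
        if (-not $lowPriv.ContainsKey($sid)) { continue }
        $raw = [int]$ace.FileSystemRights
        if (($raw -band [int]$risky) -or ($raw -band $genericWriteOrAll)) {
            [pscustomobject]@{ Path = $Path; Principal = $lowPriv[$sid]; Rights = $ace.FileSystemRights }
        }
    }
}

Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.Name -like $Pattern -or $_.DisplayName -like $Pattern -or $_.PathName -like $Pattern } |
    ForEach-Object {
        # PathName may be quoted and may carry arguments; keep only the executable path
        if ($_.PathName -match '^\s*"([^"]+)"' -or $_.PathName -match '^\s*(.+?\.exe)') {
            $exe = $Matches[1]
            $svc = $_
            foreach ($target in @($exe, (Split-Path -Path $exe -Parent))) {
                Get-WeakAce -Path $target |
                    Select-Object @{ n = 'Service'; e = { $svc.Name } }, @{ n = 'RunsAs'; e = { $svc.StartName } }, Path, Principal, Rights
            }
        }
    }
```

An empty result means none of the four listed groups holds a write-capable ACE on the matched paths. Explicit ACEs for other non-administrative accounts are not covered and need a separate review.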
Solution
Update the software
Update the software to the latest version according to the information provided by the developer.
Vendor Status
| Vendor | Link |
| Mitsubishi Electric Corporation | Malicious Code Execution Vulnerability in Mitsubishi Small-Capacity UPS Shutdown Software FREQSHIP-mini for Windows (PDF) |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert | |
| JPCERT Reports | |
| CERT Advisory | |
| CPNI Advisory | |
| TRnotes | |
| CVE | |
| JVN iPedia | JVNDB-2026-000017 |