CVE-2025-10314
Mitsubishi Electric · FREQSHIP-mini
Mitsubishi Electric FREQSHIP-mini for Windows contains an incorrect default permissions vulnerability, potentially allowing unauthorized local users to gain elevated system privileges.
Executive summary
Mitsubishi Electric FREQSHIP-mini for Windows is affected by an incorrect default permissions vulnerability that could allow local attackers to compromise system integrity.
Vulnerability
This vulnerability stems from incorrect default permissions within the FREQSHIP-mini software environment. A local, authenticated attacker could exploit these weak access controls to modify sensitive files or escalate privileges on the host Windows system.
Business impact
A successful exploit of this vulnerability could lead to unauthorized access to industrial communication data or the underlying operating system. Given the CVSS score of 8.8, the risk is high; an attacker with local access could disrupt industrial workflows, compromise data integrity, or facilitate further lateral movement within the corporate network, leading to significant operational downtime.
Remediation
Immediate Action: Apply the latest security updates provided by Mitsubishi Electric for FREQSHIP-mini to correct the file system permissions.
Proactive Monitoring: Review Windows security logs for unauthorized permission changes or unusual account activity originating from local users.
Compensating Controls: Implement the principle of least privilege (PoLP) by restricting local interactive login access to the Windows host to only essential personnel.
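One way to check a host for the condition described above, before and after patching, is to list access rules that let broad, non-administrative groups modify files under the install directory. This is an added example, not vendor code: the advisory does not name the affected paths, so the path below is a placeholder, and the set of "broad" principals and risky rights is an assumption.

```powershell
# Added example: audit a directory tree for Allow ACEs that give broad,
# non-administrative principals write-type access.
param(
    # Placeholder: the advisory gives no path. Set this to the actual install directory.
    [string]$Path = 'C:\PLACEHOLDER\FREQSHIP-mini-install-dir'
)

# Well-known SIDs (locale-independent). Assumption: these count as "broad".
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

# Only bits that change content or the ACL. Modify/FullControl are not used as
# a mask because they also contain read bits and would match read-only rules.
$Risky = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Inherit-only ACEs can carry raw generic rights: GENERIC_WRITE | GENERIC_ALL.
$Generic = 0x50000000

$items = @(Get-Item -LiteralPath $Path -Force) +
         @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue)

$findings = foreach ($item in $items) {
    $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction SilentlyContinue
    if (-not $acl) { continue }   # unreadable ACL: skip rather than abort
    # Resolve identities as SIDs so the check works on localized Windows.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        $sid = $rule.IdentityReference.Value
        if (-not $BroadSids.ContainsKey($sid)) { continue }
        $bits = [int]$rule.FileSystemRights
        if (($bits -band $Risky) -or ($bits -band $Generic)) {
            [pscustomobject]@{
                Path      = $item.FullName
                Principal = $BroadSids[$sid]
                Rights    = $rule.FileSystemRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

$findings | Sort-Object Path | Format-Table -AutoSize -Wrap
```

An empty result after the vendor update is applied indicates that none of the listed groups retain write-type access under the chosen path.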
Exploitation status
Public Exploit Available: false
Analyst recommendation
The high severity rating (8.8) necessitates immediate remediation to prevent local privilege escalation. IT and OT administrators should prioritize the deployment of the vendor-supplied security patch to ensure that default permissions are hardened against unauthorized modification.