Critical Remote Code Execution Vulnerability in Mitsubishi FREQSHIP-mini Software

Mitsubishi FREQSHIP-mini Vulnerable to Remote Code Execution (RCE) Attack

Madrid, Spain – February 3, 2026 – The Spanish National Cybersecurity Institute (INCIBE) has issued an urgent security advisory regarding a critical remote code execution (RCE) vulnerability in Mitsubishi’s FREQSHIP-mini software, a tool used for configuring and managing Mitsubishi frequency converters in industrial environments.

Technical Details

While specific technical details remain limited in the public advisory, the vulnerability (currently without a CVE ID assigned) enables unauthenticated attackers to execute arbitrary code remotely on systems running affected versions of FREQSHIP-mini. The flaw likely stems from improper input validation or memory corruption issues, common vectors for RCE exploits in industrial control system (ICS) software.

Mitsubishi frequency converters are widely deployed in manufacturing, energy, and automation sectors, where they regulate motor speed and torque in critical infrastructure. Successful exploitation could allow threat actors to disrupt operations, manipulate industrial processes, or gain a foothold in broader OT networks.

Impact Analysis

The severity of this vulnerability is heightened by several factors:

• Remote Exploitability: Attackers can trigger the flaw without prior authentication, increasing the risk of mass exploitation.
• Industrial Deployment: FREQSHIP-mini is used in environments where downtime or manipulation of frequency converters could lead to physical damage, safety hazards, or production halts.
• Lateral Movement Risk: Compromised systems could serve as entry points for attackers to pivot into connected IT or OT networks, escalating the attack surface.

Recommendations

INCIBE and Mitsubishi urge organizations using FREQSHIP-mini to take immediate action:

1. Apply Patches: Mitsubishi is expected to release a security update shortly. Monitor the vendor’s official security portal for patches.
2. Network Segmentation: Isolate systems running FREQSHIP-mini from corporate networks and the internet to limit exposure.
3. Access Controls: Restrict software access to authorized personnel only, using multi-factor authentication (MFA) where possible.
4. Monitor for Exploits: Deploy intrusion detection/prevention systems (IDS/IPS) to identify suspicious activity targeting FREQSHIP-mini.
5. Incident Response: Prepare containment and recovery plans in case of exploitation, including backup procedures for critical configurations.

Security teams should prioritize this vulnerability, given its potential to impact industrial operations. Further details, including CVE assignment and proof-of-concept (PoC) exploits, may emerge as the investigation progresses.

For more information, refer to INCIBE’s original advisory.