CVE-2019-10972
Description
Mitsubishi Electric FR Configurator2, Version 1.16S and prior. This vulnerability can be triggered when an attacker provides the target with a rogue project file (.frc2). Once a user opens the rogue project, CPU exhaustion occurs, which causes the software to quit responding until the application is restarted.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Mitsubishi Electric FR Configurator2 versions 1.16S and prior allow denial-of-service via crafted .frc2 project file.
Vulnerability
Mitsubishi Electric FR Configurator2 versions 1.16S and prior are affected by an uncontrolled resource consumption vulnerability (CWE-400). The bug resides in the project file parser when processing a specially crafted .frc2 file. No special configuration is required; the vulnerable code path is reachable simply by opening a malicious project file.
Exploitation
An attacker with the ability to deliver a rogue .frc2 file to a target can trigger the vulnerability. The attack requires user interaction: the user must open the malicious project file. No authentication or network position is needed beyond the delivery method (e.g., email, website download). Once opened, the parser consumes excessive CPU resources, causing the application to become unresponsive.
Impact
Successful exploitation results in a denial-of-service condition. The software stops responding until forcibly restarted. No data confidentiality or integrity is compromised, but availability is severely impacted.
Mitigation
Mitsubishi Electric has released version 1.17T to address this vulnerability [1]. Users should update to the latest version. No workaround is available for unpatched versions. The vulnerability is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog.
[1]: https://www.us-cert.gov/ics/advisories/icsa-19-204-01
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <=1.16S
- Mitsubishi Electric/Mitsubishi Electric FR Configurator2 (v5) Range: Version 1.16S and prior
Patches
No patches discovered yet.
References
- www.us-cert.gov/ics/advisories/icsa-19-204-01 (mitre, x_refsource_MISC)