Medium
CVE-2019-10976
This vulnerability is triggered when input passed to the XML parser is not sanitized while parsing the XML project and/or template file (.frc2). Once a user opens the file, the attacker could read arbitrary files.
CVE-2019-10972
This vulnerability can be triggered when an attacker provides the target with a rogue project file (.frc2). Once a user opens the rogue project, CPU exhaustion occurs, which causes the software to quit responding until the application is restarted.
Uncontrolled Resource Consumption
Mitsubishi Electric
Mitsubishi Electric FR Configurator2 Version 1.16S and prior
Mitsubishi Electric has released Version 1.17T for the reported vulnerabilities.
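Where a project file from an untrusted source has to be handled before the fixed version is installed, it can be screened first. The sketch below is an added example, not vendor code or part of the advisory: it rejects any XML document that carries a DOCTYPE or entity declaration. It assumes a .frc2 file is plain XML text and that both issues depend on DTD entity declarations, neither of which the page states; the sample documents and their element names are constructed.

```python
import xml.parsers.expat
from typing import Optional

# Constructed samples; element names are hypothetical, not the real .frc2 schema.
BENIGN = b'<?xml version="1.0"?><Project><Name>demo</Name></Project>'
EXTERNAL = (b'<?xml version="1.0"?><!DOCTYPE Project ['
            b'<!ENTITY e SYSTEM "file:///PLACEHOLDER">]><Project>&e;</Project>')
NESTED = (b'<?xml version="1.0"?><!DOCTYPE Project [<!ENTITY a "x">'
          b'<!ENTITY b "&a;&a;">]><Project>&b;</Project>')


class Rejected(Exception):
    """Raised from an expat handler to abort parsing."""


def screen_project_xml(data: bytes) -> Optional[str]:
    """Return None if data is well-formed XML with no DTD, else the reason."""
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise Rejected(f"DOCTYPE declaration for {name!r}")

    def on_entity(name, is_param, value, base, sysid, pubid, notation):
        raise Rejected(f"entity declaration {name!r}")

    def on_external_ref(context, base, sysid, pubid):
        raise Rejected(f"external entity reference {sysid!r}")

    # Any DTD construct aborts the parse at the first declaration.
    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    parser.ExternalEntityRefHandler = on_external_ref
    try:
        parser.Parse(data, True)
    except Rejected as exc:
        return str(exc)
    except xml.parsers.expat.ExpatError as exc:
        return f"not well-formed XML: {exc}"
    return None


if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("external", EXTERNAL),
                          ("nested", NESTED)):
        print(label, "->", screen_project_xml(sample) or "ok")
```

A file that fails this check should not be opened in Version 1.16S or earlier; a file that passes has only been shown to contain no DTD, not to be trustworthy.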