CVE-2026-56437
Fuji Electric · Pupsman
Fuji Electric Pupsman contains an uncontrolled search path element vulnerability that may allow an attacker to execute arbitrary code via a malicious library file.
Executive summary
A high-severity vulnerability in Fuji Electric Pupsman allows for potential arbitrary code execution by leveraging an uncontrolled search path element.
Vulnerability
This vulnerability involves an "Uncontrolled Search Path Element" (CWE-427). An attacker can place a malicious library in a directory that the application searches for dependencies, leading the application to load and execute the malicious code instead of the legitimate library.
Business impact
Successful exploitation could allow an attacker to execute arbitrary commands with the privileges of the Pupsman application, leading to system takeover or service disruption. With a CVSS score of 8.4, this vulnerability poses a severe threat to the operational integrity of the power supply management environment.
Remediation
Immediate Action: Apply the vendor-provided security update by upgrading to Pupsman version 3.9.0 or later.
Proactive Monitoring: Monitor system logs for unauthorized file creation in directories used by the application and investigate any unexpected library loading events.
Compensating Controls: Ensure that the application is installed in a directory with strict access controls to prevent unauthorized users from placing malicious files in the search path.
Exploitation status
Public Exploit Available: false
Analyst recommendation
The risk of arbitrary code execution makes this a high-priority remediation task. Organizations utilizing Pupsman must update to version 3.9.0 as soon as possible to mitigate this search path vulnerability and prevent potential exploitation by local attackers.