CVE-2026-57895

Fuji Electric · Pupsman

Fuji Electric Pupsman is susceptible to an incorrect default permissions vulnerability, which may allow local authenticated users to gain unauthorized access to system resources.

Executive summary

A vulnerability in Fuji Electric Pupsman allows local authenticated users to escalate privileges due to incorrect default permissions, posing a high security risk to system integrity.

Vulnerability

This vulnerability involves an "Incorrect Default Permissions" (CWE-276) issue where the application sets overly permissive access rights on sensitive files or directories. An attacker with low-privileged local access can exploit this to read, modify, or delete critical application components.

Business impact

The exploitation of this flaw could lead to a complete compromise of the Pupsman application, potentially allowing an attacker to manipulate power supply management settings or gain broader system control. With a CVSS score of 8.5, this high-severity vulnerability represents a significant risk to operational stability and the security of connected infrastructure.

Remediation

Immediate Action: Update Fuji Electric Pupsman to version 3.9.0 or later as specified in the vendor advisory.

Proactive Monitoring: Audit local file system permissions for the Pupsman installation directory to ensure they adhere to the principle of least privilege.

Compensating Controls: Restrict local user access to the server or workstation where Pupsman is installed to prevent unauthorized individuals from interacting with the vulnerable software.

Exploitation status

Public Exploit Available: false

Analyst recommendation

The severity of this issue necessitates immediate attention to prevent unauthorized local privilege escalation. Administrators should prioritize patching Pupsman to version 3.9.0 to remediate the incorrect permissions and secure the environment against potential local attacks.