JVNDB-2026-000005

Multiple vulnerabilities in EATON UPS Companion

EATON UPS Companion provided by Eaton contains multiple vulnerabilities listed below.
- Uncontrolled search path element (CWE-427, CVE-2025-59887)
- Unquoted search path or element (CWE-428, CVE-2025-59888)
Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported these vulnerabilities to the developer and IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Eaton
- UPS Companion versions prior to 3.0

- Arbitrary code may be executed with the privilege of the user invoking the installer (CVE-2025-59887)
- A user with write privileges on the root directory of the system drive may execute arbitrary code with SYSTEM privilege (CVE-2025-59888)

[Update the Software]
Update the software to the latest version according to the information provided by the developer.
For more information, refer to the information provided by the developer.
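
As an added example (not from this advisory or from Eaton), the following check flags command lines of the CWE-428 kind, where an unquoted executable path contains spaces, and lists the directories whose write permissions should be reviewed. The service names and paths are constructed samples, and the assumption that the input comes from Windows service `ImagePath` values is ours; the advisory does not name the affected path.

```python
import ntpath
import re

# Constructed sample values: not taken from the advisory or from any real product.
SAMPLES = {
    "QuotedSvc": r'"C:\Program Files\Example Vendor\agent.exe" --service',
    "UnquotedSvc": r'C:\Program Files\Example Vendor\agent.exe --service',
    "NoSpaceSvc": r'C:\Tools\agent.exe -k run',
    "DriverSvc": r'\SystemRoot\System32\drivers\example.sys',
}

# Shortest prefix that ends in an executable extension followed by a space or end of string.
EXE_RE = re.compile(r'^(.*?\.(?:exe|com|bat|cmd))(?:\s|$)', re.IGNORECASE)


def dirs_to_review(image_path):
    """Return directories whose write ACL matters for an unquoted path with spaces.

    Returns [] when the path is quoted, has no space in the executable part,
    or does not point at an executable (for example a .sys driver).
    """
    value = image_path.strip()
    if value.startswith('"'):
        return []
    match = EXE_RE.match(value)
    if match is None or " " not in match.group(1):
        return []
    exe = match.group(1)
    dirs = []
    # Each space is a point where Windows may cut the unquoted path short, so the
    # directory holding that shortened name must not be writable by ordinary users.
    for index, char in enumerate(exe):
        if char == " ":
            parent = ntpath.dirname(exe[:index])
            if parent not in dirs:
                dirs.append(parent)
    return dirs


def audit(image_paths):
    """Map each flagged entry name to the directories that need an ACL review."""
    findings = {}
    for name, path in image_paths.items():
        dirs = dirs_to_review(path)
        if dirs:
            findings[name] = dirs
    return findings
```

On a real host the input would be collected from the `ImagePath` values under `HKLM\SYSTEM\CurrentControlSet\Services`; a flagged entry is resolved by updating the software or quoting the path.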

Eaton

- No Mapping(CWE-Other) [IPA Evaluation]

- CVE-2025-59887
- CVE-2025-59888

- JVN : JVN#48187396
- JVN : JVNTA#91240916

- [2026/01/13] Web page was published