|
[Japanese]
|
JVNDB-2026-000095
|
Multiple vulnerabilities in the installer for Pupsman
|
The installer for Pupsman provided by Fuji Electric Co.,Ltd. contains multiple vulnerabilities listed below:- Uncontrolled search path element (CWE-427) - CVE-2026-56437
- The CVSS vectors above assume that a victim user is directed to place a specially crafted DLL file in the same folder as the affected installer and to execute the installer.
- Incorrect default permissions (CWE-276) - CVE-2026-57895
Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
|
CVSS V3 Severity: Base Metrics 7.8 (High) [IPA Score]
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
|
CVSS v4 Severity
Base Metrics: 8.5 (High) [IPA Score]
- Access Vector (AV): Local
- Attack Complexity (AC): Low
- Attack Requirements (AT): None
- Privileges Required (PR): Low
- User Interaction (UI): None
Vulnerable System Impact
- Confidentiality Impact (VC): High
- Integrity Impact (VI): High
- Availability Impact (VA): High
Subsequent System Impact
- Confidentiality Impact (SC): None
- Integrity Impact (SI): None
- Availability Impact (SA): None
The above CVSS base scores have been assigned for CVE-2026-57895
|
CVSS v3 Severity
Base Metrics: 7.8(High) [IPA Score]
- Access Vector : Local
- Attack Complexity : Low
- Privileges Required : None
- User Interaction : Required
- Scope : Unchanged
- Confidentiality Impact : High
- Integrity Impact : High
- Availability Impact : High
CVSS v4 Severity
Base Metrics: 8.4 (High) [IPA Score]
- Access Vector (AV): Local
- Attack Complexity (AC): Low
- Attack Requirements (AT): None
- Privileges Required (PR): None
- User Interaction (UI): Active
Vulnerable System Impact
- Confidentiality Impact (VC): High
- Integrity Impact (VI): High
- Availability Impact (VA): High
Subsequent System Impact
- Confidentiality Impact (SC): None
- Integrity Impact (SI): None
- Availability Impact (SA): None
The above CVSS base scores have been assigned for CVE-2026-56437
|
|
Fuji Electric Co., Ltd.
- Pupsman versions prior to 3.9.0
|
|
- If a crafted DLL file is placed in the same folder as the affected installer and the installer is executed, arbitrary code may be executed with SYSTEM privilege (CVE-2026-56437).
- An attacker can place a malicious executable in the installation folder, which results in arbitrary code execution with SYSTEM privilege (CVE-2026-57895).
|
[Update the Software]
Use Pupsman version 3.9.0 or later, based on the information provided by the developer.
|
Fuji Electric Co., Ltd.
|
- No Mapping(CWE-Other) [IPA Evaluation]
|
- CVE-2026-56437
- CVE-2026-57895
|
- JVN : JVN#62347140
- JVN : JVNTA#91240916
|
- [2026/07/08]
Web page was published
|