Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Local vector and low-privileged foothold required (AV:L, PR:L), no user interaction and low complexity, with full SYSTEM-level C/I/A impact; scope unchanged as the service runs on the same OS.
Primary rating from Vendor (jpcert).
CVSS VectorVendor: jpcert
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
Incorrect default permissions issue exists in Pupsman versions prior to 3.9.0. An attacker can place a malicious executable in the installation folder, which results in arbitrary code execution with SYSTEM privilege
AnalysisAI
Local privilege escalation to SYSTEM in Fuji Electric Pupsman before version 3.9.0 allows a low-privileged local user to drop a malicious executable into the weakly-permissioned installation directory, which is then run with SYSTEM privileges for full arbitrary code execution. Reported through JPCERT/CC (JVN JVN62347140); no public exploit identified and no active exploitation is confirmed at time of analysis. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The attacker must already have local, low-privileged access to a Windows host running Pupsman prior to 3.9.0 (PR:L, AV:L) - there is no remote or network path and no user interaction is required (UI:N). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The vendor-supplied CVSS 4.0 vector (AV:L/AC:L/AT:N/PR:L/UI:N with VC:H/VI:H/VA:H) describes a locally-exploitable, low-complexity flaw that requires the attacker to already hold a low-privileged foothold but grants total system compromise on success - a classic high-value privilege-escalation primitive rather than a remotely wormable bug. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A standard (non-admin) user or a piece of malware already running with limited privileges on a Windows host writes a malicious executable into the writable Pupsman installation folder, replacing or adding a binary that the SYSTEM-level service or a scheduled task subsequently launches. On next execution - a reboot, service restart, or timed run - the attacker's code runs as SYSTEM, yielding full host takeover. … |
| Remediation | Vendor-released patch: upgrade Pupsman to version 3.9.0 or later, which corrects the installation-folder permissions; download and advisory details are on the Fuji Electric page (https://www.fujielectric.co.jp/products/power_supply/ups/product_detail/software_pupsman.html) and JVN (https://jvn.jp/en/jp/JVN62347140/). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
24 hours: Audit all systems running Fuji Electric Pupsman to identify version numbers and deployment scope; immediately restrict file permissions on Pupsman installation directories to prevent unauthorized executable creation. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-276 – Incorrect Default Permissions
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42166
GHSA-36rv-fhqc-2cfg