FUXA Authorization Bypass Vulnerability Allowing Unauthenticated Remote Tag Modification

Vulnerability

An authorization bypass vulnerability has been identified in FUXA, a web-based process visualization software. This vulnerability allows unauthenticated, remote attackers to modify device tags through WebSockets. It affects FUXA versions prior to 1.2.9. The exploitation of this vulnerability enables attackers to bypass role-based access controls, overwrite arbitrary device tags, or disable communication drivers. This exposure could lead to manipulation of physical processes and disconnection of devices from the HMI in ICS/SCADA environments.

Impact

Exploitation of this vulnerability allows for unauthorized modification of device tags, which could disrupt communication with connected devices and manipulate physical processes through the HMI.

Remediation

Users are advised to update to FUXA version 1.2.10, where this vulnerability has been patched.

Added: Feb 6, 2026, 8:41 PM
Updated: Feb 6, 2026, 8:41 PM

Vulnerability Rating

Custom Algorithm

spread: 0.8
impact: 5.0
exploitability: 8.1
remediation: 7.7
relevance: 2.6
threat: 0.0
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.