FUXA Authorization Bypass Vulnerability Allowing Unauthenticated Scheduler Manipulation

Vulnerability

An authorization bypass vulnerability has been identified in FUXA, a web-based process visualization tool, affecting versions from 1.2.8 and prior to 1.2.11. This vulnerability allows an unauthenticated, remote attacker to create and modify arbitrary schedulers, potentially disrupting connected ICS/SCADA environments. The issue has been addressed in version 1.2.11.

Impact

Exploitation of this vulnerability allows an unauthenticated remote attacker to gain guest authentication status and manipulate schedulers. This includes creating, modifying, or deleting schedules that can trigger immediate or cyclical actions on connected devices, such as forcing them into specific states or executing existing scripts on the server.

Remediation

Users are advised to update to FUXA version 1.2.11 or later.

Added: Feb 10, 2026, 1:46 AM
Updated: Feb 10, 2026, 1:46 AM

Vulnerability Rating

Custom Algorithm
spread: 0.8
impact: 2.5
exploitability: 8.8
remediation: 7.7
relevance: 2.6
threat: 3.2
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.