FUXA Path Traversal Vulnerability Leading to Remote Code Execution

Vulnerability

A path traversal vulnerability has been identified in FUXA versions prior to 1.2.11. The flaw allows authenticated attackers with administrative privileges to bypass the directory traversal protections. By using nested traversal sequences, attackers can write arbitrary files to the server filesystem, including sensitive directories such as runtime/scripts. Remote code execution follows when the server reloads the malicious scripts.
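The following added example illustrates this bug class in general: a single-pass filter that strips traversal sequences, beside a check that resolves the path and verifies containment. It is hypothetical code written for this page, not FUXA's source or its fix; the upload root, function names and sample file names are assumptions.

```javascript
// Added illustration of the bug class; hypothetical code, not FUXA's source.
const path = require("path");

// Constructed base directory for the demo; nothing is read or written.
const UPLOAD_ROOT = path.resolve("/srv/app/uploads");

// True when an absolute path lies outside UPLOAD_ROOT.
function escapesRoot(absPath) {
  const rel = path.relative(UPLOAD_ROOT, absPath);
  return rel === ".." || rel.startsWith(".." + path.sep) || path.isAbsolute(rel);
}

// Weak: strips "../" in a single pass, then trusts whatever is left.
function weakResolve(name) {
  const filtered = name.replace(/\.\.\//g, "");
  return path.join(UPLOAD_ROOT, filtered);
}

// Hardened: no string filtering. Resolve to an absolute path first, then
// reject anything that is not strictly below the root.
function safeResolve(name) {
  if (typeof name !== "string" || name.length === 0 || name.includes("\0")) {
    throw new Error("invalid file name");
  }
  const target = path.resolve(UPLOAD_ROOT, name);
  if (target === UPLOAD_ROOT || escapesRoot(target)) {
    throw new Error("path escapes upload root");
  }
  return target;
}

// Runs both resolvers on one name and reports the outcome of each.
function compare(name) {
  let hardened;
  try {
    hardened = escapesRoot(safeResolve(name)) ? "escaped" : "contained";
  } catch (err) {
    hardened = "rejected";
  }
  return { weakEscapes: escapesRoot(weakResolve(name)), hardened };
}

// Constructed sample names: a normal file, a plain traversal, a nested one.
for (const name of ["report.png", "../../other/file.txt", "....//....//other/file.txt"]) {
  console.log(JSON.stringify(name), compare(name));
}
```

The containment check is lexical only: if symbolic links can exist under the root, compare the result of `fs.realpathSync` on the parent directory as well.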

Impact

Exploitation of this vulnerability allows for remote code execution on the server, with the potential for physical or operational disruption in SCADA environments by manipulating tags and alarms. Additionally, there is a risk of unauthorized access to projects, credentials, and historical logs.

Remediation

Users can upgrade to FUXA version 1.2.11 or later to address this vulnerability.

Added: Feb 10, 2026, 2:00 AM
Updated: Feb 10, 2026, 2:00 AM

Vulnerability Rating

Custom Algorithm

spread: 0.8
impact: 5.0
exploitability: 5.0
remediation: 7.7
relevance: 2.9
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.