Description
Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in +F FS010M versions prior to V2.0.0_1101. If this vulnerability is exploited, an arbitrary OS command may be executed by a remote authenticated attacker with an administrative privilege.
References (2)
Core 2
Core References
Various Sources
https://fsi-plusf.jp/news/25031701.html
Third Party Advisory
https://jvn.jp/en/jp/JVN11230428/
Scores
CVSS v3
7.2
EPSS
0.0097
EPSS Percentile
57.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-78
Status
published
Products (1)
FUJI SOFT INCORPORATED/+F FS010M
Versions prior to V2.0.0_1101
Published
Mar 18, 2025
Tracked Since
Feb 18, 2026