CVE-2026-33253

MEDIUM

SANYO DENKI SANUPS SOFTWARE 1.0.1-1.1.4 - Privilege Escalation

Title source: llm

Description

SANUPS SOFTWARE provided by SANYO DENKI CO., LTD. registers Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.

References (3)

https://products.sanyodenki.com/media/document/sanups/H0033449_en.pdf

https://products.sanyodenki.com/media/document/sanups/H0033413_jp.pdf

https://jvn.jp/en/jp/JVN90835713/

Scores

CVSS v3 6.7

EPSS 0.0001

EPSS Percentile 0.7%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-428

Status published

Products (3)

SANYO DENKI CO., LTD./SANUPS SOFTWARE Ver.1.0.0 to Ver.1.1.4

SANYO DENKI CO., LTD./SANUPS SOFTWARE Ver.2.0.0 to Ver.2.0.2

SANYO DENKI CO., LTD./SANUPS SOFTWARE STANDALONE Ver.1.0.1 to Ver.1.1.4

Published Mar 25, 2026

Tracked Since Mar 25, 2026