HIGHCVE-2026-33253Published Modified CNA jpcert
CVE-2026-33253: SANUPS SOFTWARE provided by SANYO DENKI CO
SANUPS SOFTWARE provided by SANYO DENKI CO., LTD. registers Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.
Metrics
- CVSS v4.0
- 8.4
- Severity
- HIGH
- Fixed in
- —
- Affected Products
- 2
Affected packages
- SANYO DENKI CO., LTD. / SANUPS SOFTWARE STANDALONEVer.1.0.1 to Ver.1.1.4
- SANYO DENKI CO., LTD. / SANUPS SOFTWAREVer.2.0.0 to Ver.2.0.2 · Ver.1.0.0 to Ver.1.1.4
CVSS Vector
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N