CISA 2026-05-12

Fuji Electric Tellus

CVE-2026-8108

Machine-generated analysis · WAYSCloud LLM

The vulnerability involves a kernel driver installed with Tellus that grants all users read and write permissions. This is a privilege escalation issue specific to version 5.0.2.

Context

Fuji Electric Tellus is a product used in critical manufacturing sectors, deployed worldwide. The advisory states that exploitation could allow privilege escalation from user to system, potentially leading to denial of service, file access, or deletion. The issue is due to a kernel driver installed with the software that provides excessive permissions to all users. The vendor recommends installing Tellus only with administrator privileges as a mitigation.

Operator considerations

Check: Inventory installations of Fuji Electric Tellus version 5.0.2.
Isolate: Segregate systems running Tellus from non-administrative networks.
Patch: Install Tellus only with administrator privileges as recommended by the vendor.

From Cybersecurity and Infrastructure Security Agency ↗

Successful exploitation of this vulnerability could allow an attacker to elevate privileges from user to system, which may then enable the attacker to cause a temporary denial of service, open files, or delete files.

The following versions of Fuji Electric Tellus are affected:

Tellus 5.0.2

Vendor

Equipment

Fuji Electric

Fuji Electric Tellus

Exposed Dangerous Method or Function

Critical Infrastructure Sectors: Critical Manufacturing

Countries/Areas Deployed: Worldwide

Company Headquarters Location: Japan

The installation of Fuji Tellus adds a driver to the kernel which grants all users read and write permissions.

Fuji Electric Tellus

Relevant CWE: CWE-749 Exposed Dangerous Method or Function

Metrics

Base Score

Base Severity

Vector String

3.1

7.8

HIGH

Acknowledgments

Kim Myung-gyu of Trend Micro Zero Day Initiative reported this vulnerability to CISA

Legal Notice ...

Read the full advisory on CISA →