Fuji Electric Tellus

MonitorCVSS 7.8ICS-CERT ICSA-26-132-01May 12, 2026

Fuji ElectricEnergy

Attack path

Attack VectorLocal

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

Tellus 5.0.2 contains a privilege escalation vulnerability (CWE-749) that allows a user with local access to elevate privileges to system level. Successful exploitation could enable temporary denial of service, unauthorized file access, or deletion of files critical to plant operations. The vulnerability affects the Fuji Electric Tellus product line used in the energy sector.

What this means

What could happen

An attacker with user-level access to a machine running Tellus could escalate privileges to system level, potentially causing operational disruption, corrupting process files, or deleting critical configuration data.

Who's at risk

Energy sector operators responsible for industrial control systems using Fuji Electric Tellus software, particularly those on systems where non-administrative users have local access (e.g., shared engineering workstations or systems with remote desktop capabilities).

How it could be exploited

An attacker with local user access to a Windows system running Tellus can exploit a privilege escalation vulnerability to gain system-level privileges. Once elevated, the attacker can execute arbitrary commands that may disrupt Tellus operations, manipulate process data, or delete configuration files needed for plant operations.

Prerequisites

Local user access to the system running Tellus
Tellus version 5.0.2 installed

locally exploitablelow complexityrequires local access but no special credentials beyond standard user accountaffects industrial control software used in energy systems

Exploitability

Unlikely to be exploited — EPSS score 0.0%

Affected products (1)

ProductAffected VersionsFix Status

Tellus: 5.0.25.0.2Fix available

Remediation & Mitigation

0/3

Do now

0/1

HARDENINGRestrict local user account access to systems running Tellus to only authorized engineering and operations personnel

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Tellus to a version newer than 5.0.2 that includes the privilege escalation fix

Long-term hardening

0/1

HARDENINGImplement endpoint monitoring to detect unusual privilege escalation attempts on Tellus systems

CVEs (1)

CVE-2026-8108

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/2386b081-5915-4092-8f46-7901ca29d622

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.