Back to overview

Frauscher: FDS101, FDS-SNMP101 and FDS102 for FAdC/FAdCi are Vulnerable to OS Command Injection Vulnerability

VDE-2025-030
Last update
07/29/2025 12:00
Published at
07/07/2025 12:00
Vendor(s)
Frauscher Sensortechnik GmbH
External ID
VDE-2025-030
CSAF Document
Download

Summary

Frauscher Sensortechnik FDS101, FDS-SNMP101 and FDS102 for FAdC/FAdCi R2 and all previous versions are vulnerable to OS Command Injection via malicious configuration file.

CVE-2025-3626 affects FDS102 versions v2.8.0 < v2.13.3.

CVE-2025-3705 affects a broader range of products and versions. Specifically, it affects:
* FDS102 versions < v2.13.3
* FDS101 versions <= v1.4.25
* FDS-SNMP101 versions <= v.2.3.9

Update 1.1.0, 29.07.2025: The summary has been updated to include a mapping between CVEs and affected products, and the remediation section has been revised to include FDS101.

Impact

This enables a remote or a local attacker to gain full control of the FDS101/FDS-SNMP101/FDS102 device.

Affected Product(s)

Model no. Product name Affected versions
FDS-SNMP101 <=v.2.3.9 FDS-SNMP101 <=v.2.3.9
FDS101 <=v1.4.25 FDS101 <=v1.4.25
FDS102 <v2.13.3 FDS102 <v2.13.3
FDS102 >=v2.8.0<v2.13.3 FDS102 >=v2.8.0<v2.13.3

Vulnerabilities

Expand / Collapse all

Published
09/22/2025 14:57
Severity
9.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Weakness
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)
Summary

A remote attacker with administrator account can gain full control of the device due to improper neutralization of special elements used in an OS Command ('OS Command Injection') while uploading a config file via webUI.

References
cve.org | nvd.nist.gov

Published
09/22/2025 14:57
Severity
6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)
Summary

A physical attacker with no privileges can gain full control of the affected device due to improper neutralization of special elements used in an OS Command ('OS Command Injection') when loading a config file from a USB drive.

References
cve.org | nvd.nist.gov

Mitigation

Security-related application conditions SecRAC:

  • The railway operator must ensure that only authorised personnel or people in the company of
    authorised personnel have access to the Frauscher Diagnostic System FDS101/FDS-SNMP101/FDS102. This applies for both vulnerabilities.

  • The recommendation is to connect the Frauscher Diagnostic System FDS102 to a network of category 2. If the Frauscher Diagnostic System FDS102 is connected to a network of category 3
    (according to EN 50159:2010), then additional protective measures must be added. This applies for CVE-2025-3626.

Remediation

Update FDS101 or FDS102 to FDS102 v2.13.3 or higher.

Revision History

Version Date Summary
1.0.0 07/07/2025 12:00 Initial revision
1.1.0 07/29/2025 12:00 The summary has been updated to include a mapping between CVEs and affected products, and the remediation section has been revised to include FDS101.