Notification Center
We at Frauscher stand for safety in rail transport and individual solutions for our customers. That is why we have introduced a process for security-relevant topics, which helps us to react as quickly as possible to alleged security risks. We work according to a comprehensive approach to secure our products, services and individual solutions.
For this purpose, we have established our Product Security Incident Response Team (PSIRT). You can reach our experts via the contact options listed at the bottom of the page.
Reporting
When you report a potential security risk to our experts, you will receive a confirmation from our Product Security Incident Response Team after a careful review.
Expert analysis
The potential risk will be analysed closely by our experts. If desired, you will receive regular status reports on the progress of the analysis.
Implementation
In this step, any necessary immediate measures are implemented, and long-term measures are planned.
Publication
The results and measures are published on this page.
Publication Date: 07.07.2025
CVE-ID: CVE-2025-3626
CVSS v3.1 Base Score: 9.1
CVSS Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CWE-ID: CWE-78
Summary
Frauscher Sensortechnik FDS102 for FAdC/FAdCi R2 and all previous versions are vulnerable to OS Command Injection via a malicious configuration file. A remote attacker with high privileges can gain full control of the device due to improper neutralization of special elements used in an OS Command ('OS Command Injection') when a config file is uploaded via the web UI.
Affected versions
FDS102 >= v2.8.0, < v2.13.3
Mitigation
Security-related application conditions (SecRAC)
The railway operator must ensure that only authorised personnel, or people accompanied by authorised personnel, have access to the Frauscher Diagnostic System FDS102.
The recommendation is to connect the Frauscher Diagnostic System FDS102 to a category 2 network. If the Frauscher Diagnostic System FDS102 is connected to a category 3 network (according to EN 50159:2010), additional protective measures must be added.
Remediation
Update to FDS102 v2.13.3 or higher
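To check an asset inventory against the affected range above, the following added example (not Frauscher code) compares versions numerically; a plain string comparison would sort 2.9.x above 2.13.3 and miss affected devices. The device names, the inventory format and the status labels are assumptions made for illustration.

```python
import re

# Range taken from the advisory: FDS102 >= v2.8.0 and < v2.13.3.
FIRST_AFFECTED = (2, 8, 0)
FIRST_FIXED = (2, 13, 3)
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)$")


def parse_version(text):
    """Return (major, minor, patch) as integers, or None if unparseable."""
    match = _VERSION_RE.match(text.strip())
    return tuple(int(part) for part in match.groups()) if match else None


def classify(version_text):
    """Classify one reported FDS102 version against CVE-2025-3626."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"   # cannot decide from the record, check the device
    if version >= FIRST_FIXED:
        return "fixed"
    if version >= FIRST_AFFECTED:
        return "affected"
    # Below the listed range. The summary says "all previous versions",
    # so these are flagged for confirmation instead of being treated as safe.
    return "review"


def triage(inventory):
    """Map each device name to its classification."""
    return {device: classify(version) for device, version in inventory.items()}


# Constructed inventory: device names and versions are made up.
SAMPLE_INVENTORY = {
    "fds-station-a": "v2.8.0",
    "fds-station-b": "2.9.4",    # a string compare would sort this above 2.13.3
    "fds-station-c": "v2.13.3",
    "fds-station-d": "v2.7.1",
    "fds-station-e": "n/a",
}

if __name__ == "__main__":
    for device, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{device}: {status}")
```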
You can contact our experts directly with all security-related questions and comments about our products and solutions. You are also welcome to report potential security risks or problems via this channel. Our experts will get back to you as soon as possible.