HomeIntelligenceBrief
VULNERABILITY BRIEF🟠 High ThreatIntel

Authentication Bypass in Frangoteam FUXA SCADA/HMI (CVE‑2026‑13207) Threatens Critical Infrastructure

A path‑normalization flaw in Frangoteam FUXA SCADA/HMI (≤ 1.3.1) lets unauthenticated attackers enumerate all user accounts and role assignments. The issue undermines logical‑access controls required by SOC 2, making timely patching and evidence collection essential for audit readiness.

LiveThreat™ Intelligence · 📅 June 30, 2026· 📰 cisa.gov
🟠
Severity
High
TI
Type
ThreatIntel
🎯
Confidence
High
🏢
Affected
3 sector(s)
Actions
4 recommended
📰
Source
cisa.gov

Authentication Bypass in Frangoteam FUXA SCADA/HMI (CVE‑2026‑13207) Threatens Critical Infrastructure

What It Is – A path‑normalization flaw in the REST API of Frangoteam FUXA SCADA/HMI (≤ 1.3.1) lets an unauthenticated remote actor prepend “dot‑segment” sequences (e.g., /api/./users) to bypass the authentication middleware and retrieve full user‑account and role listings.

Exploitability – The vulnerability is publicly disclosed (CVE‑2026‑13207) with a CVSS v3 base score of 7.5 High. No public exploit code has been released, but the attack requires only a crafted HTTP request, making it trivially reproducible in a lab.

Affected Products – Frangoteam FUXA SCADA/HMI, all versions ≤ 1.3.1.

Why It Matters for Compliance & Audit Readiness

  • Control‑mapping gap – The flaw bypasses logical‑access controls that SOC 2 CC6.1 (Logical Access) expects to be enforced; continuous evidence of proper access‑control enforcement is now required.
  • Audit‑ready remediation evidence – Demonstrating timely patching and post‑remediation testing provides the audit trail enterprises need to prove due diligence to regulators and customers.
  • Supply‑chain trust – Critical‑infrastructure operators (manufacturing, energy, water) must show that third‑party HMI tools meet their own SOC 2‑aligned security baselines; a known bypass erodes that trust.

Recommended Actions

  • Upgrade all FUXA instances to the vendor‑released patch (≥ 1.3.2).
  • Deploy an API gateway or web‑application firewall that normalizes URL paths before routing to the FUXA service.
  • Run a post‑patch validation scan to confirm the authentication bypass is closed.
  • Map the affected logical‑access control to SOC 2 CC6.1, capture remediation tickets and scan logs as continuous audit evidence.

Source: CISA Advisory – ICSA‑26‑181‑02

📰 Original Source
https://www.cisa.gov/news-events/ics-advisories/icsa-26-181-02

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Trust Operations

Misconfigurations are control gaps in disguise.

Verisq AI Trust Operations turns findings like this into mapped controls with continuous evidence, keeping your audit readiness current instead of point-in-time.

Map your controls with Verisq AI Trust Operations →