HomeIntelligenceBrief
VULNERABILITY BRIEF🟠 High Vulnerability

Critical Local Privilege Escalation (CVE-2026-8108) in Fuji Electric Tellus Driver Threatens Industrial Systems

A newly disclosed CVE‑2026‑8108 in Fuji Electric’s Tellus pcid64 driver enables local attackers to elevate privileges to SYSTEM, potentially compromising industrial control environments. For SOC 2‑aligned organizations, the flaw underscores the need for continuous control monitoring and evidence of timely patch management.

LiveThreat™ Intelligence · 📅 June 25, 2026· 📰 zerodayinitiative.com
🟠
Severity
High
VU
Type
Vulnerability
🎯
Confidence
High
🏢
Affected
1 sector(s)
Actions
3 recommended
📰
Source
zerodayinitiative.com

Critical Local Privilege Escalation in Fuji Electric Tellus (CVE‑2026‑8108) Exposes System‑Level Access

What It Is — A flaw in the pcid64 driver of Fuji Electric’s Tellus industrial control platform exposes dangerous registry APIs. An attacker who can run low‑privileged code can invoke these APIs to gain SYSTEM privileges and execute arbitrary code.

Exploitability — Local‑only; requires prior low‑privilege code execution. No public exploit code, but the CVSS 7.8 rating (AV:L/AC:L/PR:L/UI:N) indicates a relatively easy path once foothold is achieved.

Affected Products — Fuji Electric Tellus (all versions containing the vulnerable pcid64 driver).

Why It Matters for Compliance & Audit Readiness

  • Patch Management Controls – SOC 2 Change Management (CC6.1) requires documented, timely remediation of known vulnerabilities; this CVE tests the rigor of your patch‑deployment process.
  • Privileged Access Monitoring – The escalation bypasses normal least‑privilege safeguards, underscoring the need for continuous evidence that privileged‑access controls are enforced and logged.
  • Audit Trail Defensibility – Demonstrating that the vendor‑issued update was applied and that system‑integrity logs were captured provides concrete audit evidence for a SOC 2 audit.

Recommended Actions

  • Deploy Fuji Electric’s security update for the pcid64 driver across all Tellus installations immediately.
  • Update your asset inventory to record driver version and map the remediation to the SOC 2 Change Management control.
  • Enable continuous monitoring of privileged process creation and retain logs as audit evidence.

Source: Zero Day Initiative Advisory ZDI‑26‑367 (CVE‑2026‑8108)

📰 Original Source
http://www.zerodayinitiative.com/advisories/ZDI-26-367/

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Trust Operations

Every gap like this maps to a control you can evidence.

The Verisq AI Trust Operations platform maps incidents to your control framework and collects the evidence continuously — so your Trust Center shows proof, not promises, when a buyer or auditor asks.

Explore the Verisq AI Trust Operations platform →