← voltar
CVE-2026-8242

Industrial Application Software IAS Canias ERP Login RMI doAction response discrepancy

CVSS 6.3 MEDIUMEPSS 0.3%CWE-203CWE-204
A vulnerability was found in Industrial Application Software IAS Canias ERP 8.03. The impacted element is the function doAction of the component Login RMI Interface. Performing a manipulation results in observable response discrepancy. The attack is possible to be carried out remotely. A high degree of complexity is needed for the attack. The exploitability is regarded as difficult. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
Produtos afetados
Industrial Application Software IAS · Canias ERP
PoCs públicas encontradas1
cve_referencegist.github.com/0xb1lal/85422a63c10a001c75a22365457de624não verificado
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://gist.github.com/0xb1lal/85422a63c10a001c75a22365457de624https://hawktrace.com/blog/caniaserphttps://vuldb.com/submit/808295https://vuldb.com/vuln/362458https://vuldb.com/vuln/362458/cti