CVE-2026-8242
6.3
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
Summary
A vulnerability was found in Industrial Application Software IAS Canias ERP 8.03. The impacted element is the function doAction of the component Login RMI Interface. Performing a manipulation results in observable response discrepancy. The attack is possible to be carried out remotely. A high degree of complexity is needed for the attack. The exploitability is regarded as difficult. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Industrial Application Software IAS | Canias ERP | 8.03 | affected |
Weaknesses
- CWE-204: Observable Response Discrepancy
- CWE-203: Information Exposure Through Discrepancy
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://vuldb.com/vuln/362458
- https://vuldb.com/vuln/362458/cti
- https://vuldb.com/submit/808295
- https://hawktrace.com/blog/caniaserp
- https://gist.github.com/0xb1lal/85422a63c10a001c75a22365457de624
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.