← voltar
CVE-2026-8242

Industrial Application Software IAS Canias ERP Login RMI doAction response discrepancy

CVSS 6.3 MEDIUMEPSS 0.3%CWE-203CWE-204
Vexday Risk Score
33Atenção
Decisão SSVC (CISA)
Attend
PoC disponível → acompanhar de perto
CVSS 6.3EPSS 0.3%KEV nãoPoC públicaNuclei Metasploit Patch
Ciclo de vida
10 mai 2026Publicada no NVD
Recomendação: Planejar correção próxima — já existe PoC pública.
A vulnerability was found in Industrial Application Software IAS Canias ERP 8.03. The impacted element is the function doAction of the component Login RMI Interface. Performing a manipulation results in observable response discrepancy. The attack is possible to be carried out remotely. A high degree of complexity is needed for the attack. The exploitability is regarded as difficult. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
Produtos afetados
Industrial Application Software IAS · Canias ERP
PoCs públicas encontradas1
cve_referencegist.github.com/0xb1lal/85422a63c10a001c75a22365457de624não verificado
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://gist.github.com/0xb1lal/85422a63c10a001c75a22365457de624https://hawktrace.com/blog/caniaserphttps://vuldb.com/submit/808295https://vuldb.com/vuln/362458https://vuldb.com/vuln/362458/cti