CVE-2023-30459

HIGH

SmartPTT SCADA 1.1.0.0 - Authenticated Remote Code Execution via C# Script Upload

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-30459. PoCs published by Toxich4.

AI-analyzed exploit summary This PoC exploits CVE-2023-30459 in SmartPTT SCADA 1.1.0.0 by authenticating as an administrator, creating a malicious C# script, and executing it to achieve remote code execution. The script leverages the server's script execution functionality on port 8101.

Description

SmartPTT SCADA 1.1.0.0 allows remote code execution (when the attacker has administrator privileges) by writing a malicious C# script and executing it on the server (via server settings in the administrator control panel on port 8101, by default).

Exploits (1)

nomisec WORKING POC 3 stars

by Toxich4 · poc

https://github.com/Toxich4/CVE-2023-30459

View Code ZIP pw:eip

This PoC exploits CVE-2023-30459 in SmartPTT SCADA 1.1.0.0 by authenticating as an administrator, creating a malicious C# script, and executing it to achieve remote code execution. The script leverages the server's script execution functionality on port 8101.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: SmartPTT SCADA <= 1.1.0.0

Auth required

Prerequisites: Administrator credentials · Access to port 8101

MITRE ATT&CK

T1059.001 - PowerShell T1505.003 - Web Shell

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Third Party Advisory

https://github.com/Toxich4/CVE-2023-30459

Product

https://smartptt.com

Scores

CVSS v3 7.2

EPSS 0.0211

EPSS Percentile 79.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

Status published

Products (1)

smartptt/smartptt_scada 1.1

Published Apr 14, 2023

Tracked Since Feb 18, 2026