CVE-2023-4986

LOW

Supcon InPlant SCADA <20230901 - Info Disclosure

Title source: llm

Description

A vulnerability classified as problematic was found in Supcon InPlant SCADA up to 20230901. Affected by this vulnerability is an unknown functionality of the file Project.xml. The manipulation leads to password hash with insufficient computational effort. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-239797 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

References (3)

[Third Party Advisory] https://vuldb.com/?id.239797

[Permissions Required, Third Party Advisory] https://vuldb.com/?ctiid.239797

[Exploit] https://drive.google.com/file/d/1V_O95QddCGdZzYGgx7tkMOYQ5i_alv69/view?usp=drive_link

Scores

CVSS v3 2.5

EPSS 0.0004

EPSS Percentile 11.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-916

Status published

Products (1)

supcon/inplant_scada < 20230901

Published Sep 15, 2023

Tracked Since Feb 18, 2026