CVE-2026-8216
HIGHIndustrial Application Software IAS Canias ERP Java RMI Session Management iasServerRemoteInterface.doAction improper authentication
Title source: cnaDescription
A vulnerability was identified in Industrial Application Software IAS Canias ERP 8.03. This issue affects the function iasServerRemoteInterface.doAction of the component Java RMI Session Management. Such manipulation leads to improper authentication. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.
References (4)
Core 4
Core References
Vdb Entry, Technical Description vdb-entry
technical-description
VDB-362433 | Industrial Application Software IAS Canias ERP Java RMI Session Management iasServerRemoteInterface.doAction improper authentication
https://vuldb.com/vuln/362433
Signature, Permissions Required signature
permissions-required
VDB-362433 | CTI Indicators (IOB, IOC, IOA)
https://vuldb.com/vuln/362433/cti
Third Party Advisory third-party-advisory
Submit #808244 | Industrial Application Software - IAS Canias ERP 8.03-- Improper Authentication (CWE-287)
https://vuldb.com/submit/808244
Related related
https://hawktrace.com/blog/caniaserp
Scores
CVSS v3
7.3
EPSS
0.0039
EPSS Percentile
30.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-287
Status
published
Products (1)
Industrial Application Software IAS/Canias ERP
8.03
Published
May 10, 2026
Tracked Since
May 10, 2026