CVE-2026-8242
LOW
Industrial Application Software IAS Canias ERP Login RMI doAction response discrepancy
Title source: cna
Description
A vulnerability was found in Industrial Application Software IAS Canias ERP 8.03. The impacted element is the function doAction of the component Login RMI Interface. Performing a manipulation results in an observable response discrepancy. The attack can be carried out remotely. A high degree of complexity is needed for the attack. The exploitability is regarded as difficult. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
References (5)
Core References
Vdb Entry, Technical Description
VDB-362458 | Industrial Application Software IAS Canias ERP Login RMI doAction response discrepancy
https://vuldb.com/vuln/362458
Signature, Permissions Required
VDB-362458 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/362458/cti
Third Party Advisory
Submit #808295 | Industrial Application Software - IAS Canias ERP 8.03-- Observable Response Discrepancy (CWE-204)
https://vuldb.com/submit/808295
Related
https://hawktrace.com/blog/caniaserp
Exploit, Broken Link
https://gist.github.com/0xb1lal/85422a63c10a001c75a22365457de624
Scores
CVSS v3: 3.7
EPSS: 0.0029
EPSS Percentile: 20.4%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-203, CWE-204
Status: published
Products (1): Industrial Application Software IAS/Canias ERP 8.03
Published: May 10, 2026
Tracked Since: May 10, 2026