PT-2023-8327 · Scada-Lts · Scada-Lts

Hev0X

Publicado

2023-12-27

Atualizado

2025-06-11

CVE-2023-33472

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Scada-LTS versions 2.7.5.2 build 4551883606 and before

Description The issue is related to insufficient access control in the Event Handlers function of the Scada-LTS mult-platform web solution for creating Scada systems. This allows remote attackers with low-level authentication to escalate privileges, execute arbitrary code, and obtain sensitive information via the Event Handlers function.

Recommendations For Scada-LTS versions 2.7.5.2 build 4551883606 and before, consider disabling the Event Handlers function as a temporary workaround until a patch is available. Restrict access to the Event Handlers function to minimize the risk of exploitation.

Exploit

Correção

Buffer Overflow

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264CWE-119CWE-94

Identificadores relacionados

BDU:2024-00453

CVE-2023-33472

Produtos afetados

Scada-Lts

PT-2023-8327 · Scada-Lts · Scada-Lts

CVE-2023-33472

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8