PT-2022-6544 · Scada-Lts · Scada-Lts

M3N0Sd0N4Ld · Published 2022-08-29 · Updated 2023-04-14 · CVE-2022-41976

CVSS v3.1: 9.9 (Critical)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Scada-LTS version 2.7.1.1 build 2948559113

Description: A privilege escalation issue was discovered that allows remote attackers, authenticated in the application as a low-privileged user, to change their role, for example, to administrator, by updating their user profile. This issue is related to authorization errors.

Recommendations: For Scada-LTS version 2.7.1.1 build 2948559113, consider restricting access to user profile updates until a patch is available. As a temporary workaround, limit the ability of low-privileged users to modify their roles or access levels.
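As an added illustration of the weakness class described above (this is not Scada-LTS code; the user fields, role names and handler functions are assumptions), a profile-update handler that applies every submitted field is shown beside a hardened version that allow-lists self-editable fields and leaves role changes to administrators:

```python
# Added example, not taken from Scada-LTS. Field names, roles and the
# handlers below are hypothetical; the user records are constructed inline.
from dataclasses import dataclass


@dataclass
class User:
    username: str
    role: str            # assumed roles: "user" or "admin"
    email: str = ""
    phone: str = ""


SELF_EDITABLE = {"email", "phone"}   # fields a user may change on their own profile


class AuthorizationError(Exception):
    pass


def update_profile_vulnerable(user: User, payload: dict) -> User:
    """Mass-assignment style update: every attribute named in the request is
    written to the record, so a payload containing "role" escalates privileges."""
    for key, value in payload.items():
        if hasattr(user, key):
            setattr(user, key, value)
    return user


def update_profile_hardened(actor: User, target: User, payload: dict) -> User:
    """Authorize on the server: the caller may only edit their own record (or be
    an admin), only allow-listed fields are copied, and "role" is handled
    explicitly and never applied for a non-admin actor."""
    if actor is not target and actor.role != "admin":
        raise AuthorizationError("may only edit own profile")
    unknown = set(payload) - SELF_EDITABLE - {"role"}
    if unknown:
        raise AuthorizationError(f"unsupported fields: {sorted(unknown)}")
    if "role" in payload and actor.role != "admin":
        raise AuthorizationError("only administrators may change roles")
    for key in SELF_EDITABLE & set(payload):
        setattr(target, key, payload[key])
    if "role" in payload:
        target.role = payload["role"]
    return target


if __name__ == "__main__":
    alice = User("alice", "user", "alice@example.test")
    update_profile_vulnerable(alice, {"email": "a@example.test", "role": "admin"})
    print("vulnerable handler, role after update:", alice.role)
    bob = User("bob", "user")
    try:
        update_profile_hardened(bob, bob, {"role": "admin"})
    except AuthorizationError as err:
        print("hardened handler:", err)
```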


Weakness Enumeration

Improper Authorization

Related Identifiers

BDU:2023-02228
CVE-2022-41976

Affected Products

Scada-Lts