CVE-2023-4986

Name of the Vulnerable Software and Affected Versions Supcon InPlant SCADA up to 20230901

Description A problematic vulnerability was found in the Supcon InPlant SCADA system, related to insufficient computational effort in password hash when loading project files. This could allow an attacker to gain unauthorized access to protected information. The vulnerability is associated with an unknown functionality of the file Project.xml and requires local access to exploit. The complexity of an attack is rather high, and the exploitation appears to be difficult.

Recommendations For Supcon InPlant SCADA up to 20230901, consider restricting access to the Project.xml file until a patch is available. As a temporary workaround, avoid using the affected functionality related to password hash computation in the Project.xml file. At the moment, there is no information about a newer version that contains a fix for this vulnerability.