PT-2023-8327 · Scada-Lts · Scada-Lts
Hev0X · Published 2023-12-27 · Updated 2025-06-11
CVE-2023-33472
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Scada-LTS versions 2.7.5.2 build 4551883606 and before
Description
The issue is related to insufficient access control in the Event Handlers function of Scada-LTS, a multi-platform web solution for creating SCADA systems. This allows remote attackers with low-level authentication to escalate privileges, execute arbitrary code, and obtain sensitive information via the Event Handlers function.
Recommendations
For Scada-LTS versions 2.7.5.2 build 4551883606 and before, consider disabling the Event Handlers function as a temporary workaround until a patch is available. Restrict access to the Event Handlers function to minimize the risk of exploitation.
Exploit
Fix
Buffer Overflow
Code Injection
Related Identifiers
Affected Products
Scada-Lts