PT-2025-34564 · Scada-Lts · Scada-Lts

Marceloqz · Published 2025-08-24 · Updated 2025-08-24 · CVE-2025-9388

CVSS v2.0: 5.5 Medium
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Scada-LTS versions up to 2.7.8.1
Description: A cross-site scripting issue exists in Scada-LTS. It is caused by manipulation of the Name argument within the watch list.shtm file. The issue can be exploited remotely, and the exploit has been publicly disclosed.
Recommendations: Versions prior to 2.7.8.1 should be updated. As a temporary workaround, consider restricting or sanitizing the Name argument in the watch list.shtm file.

Exploit · Fix · XSS · Code Injection


Weakness Enumeration

Related Identifiers

BDU:2025-14905
CVE-2025-9388

Affected Products

Scada-Lts