PT-2025-34590 · Scada-Lts · Scada-Lts

Nmmorette · Published 2025-08-24 · Updated 2025-08-25 · CVE-2025-9404

CVSS v2.0: 5.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Scada-LTS versions prior to 2.7.8.2
Description: A vulnerability was identified in Scada-LTS up to version 2.7.8.1. The affected element is an unknown function within the /pointHierarchySLTS file of the Folder Handler component. Manipulation of the Title argument leads to cross-site scripting. The attack can be initiated remotely, and the exploit is publicly available.
Recommendations: Scada-LTS versions prior to 2.7.8.2: Update to version 2.7.8.2 or later to resolve this issue. As a temporary workaround, consider restricting access to the /pointHierarchySLTS file or disabling the vulnerable function until a patch is available.

Exploit

Fix

Code Injection

XSS

Weakness Enumeration

Related Identifiers

BDU:2025-14904
CVE-2025-9404

Affected Products

Scada-Lts