CVE-2026-8242 - Vulnerability Details

- Industrial Application Software IAS Canias ERP Login RMI doAction response discrepancy

Description

A vulnerability was found in Industrial Application Software IAS Canias ERP 8.03. The impacted element is the function doAction of the component Login RMI Interface. Performing a manipulation results in observable response discrepancy. The attack is possible to be carried out remotely. A high degree of complexity is needed for the attack. The exploitability is regarded as difficult. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Published: 2026-05-10

Score: 6.3 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

Industrial Application Software IAS Canias ERP 8.03 contains a flaw in the Login RMI Interface’s doAction method. When an attacker sends a specially crafted request, the server returns a response that differs from the expected pattern. Based on the description, it is inferred that this observable discrepancy may allow attackers to infer details about the system’s internal state or bypass authentication flows, potentially constituting an information‑disclosure vulnerability. The flaw relies on manipulating data exchanged over the RMI interface and is reported as requiring high complexity and skill to exploit.

Affected Systems

The vulnerability exists in all installations of Industrial Application Software IAS Canias ERP version 8.03. No other product versions have been explicitly listed as affected. Operators should verify the ERP version and confirm whether their instance matches the 8.03 release to determine exposure.

Risk and Exploitability

The CVSS score of 6.3 indicates moderate severity, yet the exploit is described as difficult, with remote access required. EPSS is unavailable, so the probability of exploitation cannot be quantified. The flaw is not cataloged in CISA’s KEV list, but a public proof‑of‑concept has been published, meaning motivated attackers could target exposed RMI interfaces to obtain sensitive information.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Industrial Application Software IAS

Canias ERP

affected

Version	Status	Constraints
`8.03`	affected	—

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply any vendor‑released fix that addresses the doAction response discrepancy when available.
Restrict the RMI interface to trusted internal networks only by configuring firewalls or access control lists to block external connections.
Monitor RMI traffic for abnormal or repeated response discrepancies and configure alerts when such patterns occur.
Audit the doAction implementation to eliminate accidental disclosure of sensitive data and ensure error responses do not expose internal details.

Generated by OpenCVE AI on May 10, 2026 at 10:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity High

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00029.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://gist.github.com/0xb1lal/85422a63c10a001c75a22365457de624
https://vuldb.com/submit/808295
https://vuldb.com/vuln/362458
https://vuldb.com/vuln/362458/cti

History

Sun, 10 May 2026 08:30:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability was found in Industrial Application Software IAS Canias ERP 8.03. The impacted element is the function doAction of the component Login RMI Interface. Performing a manipulation results in observable response discrepancy. The attack is possible to be carried out remotely. A high degree of complexity is needed for the attack. The exploitability is regarded as difficult. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title		Industrial Application Software IAS Canias ERP Login RMI doAction response discrepancy
Weaknesses		CWE-203 CWE-204
References		https://gist.github.com/0xb1lal/85422a63c10a001c75a22365457de624 https://vuldb.com/submit/808295 https://vuldb.com/vuln/362458 https://vuldb.com/vuln/362458/cti
Metrics		cvssV2_0 `{'score': 2.6, 'vector': 'AV:N/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 3.7, 'vector': 'CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 3.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 6.3, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-05-10T08:15:08.901Z

Updated: 2026-05-10T08:15:08.901Z

Reserved: 2026-05-09T16:33:13.131Z

Link: CVE-2026-8242

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-10T09:16:32.027

Modified: 2026-05-10T09:16:32.027

Link: CVE-2026-8242

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-10T10:30:09Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity High

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object