Description
A vulnerability was determined in Industrial Application Software IAS Canias ERP 8.03. This affects an unknown function of the component JNLP Deployment Endpoint. Executing a manipulation can lead to use of hard-coded cryptographic key
. The attack may be performed from remote. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-05-10
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is located in an unspecified function of the JNLP Deployment Endpoint in IAS Canias ERP 8.03. An attacker can manipulate the endpoint to force the application to use a hard‑coded cryptographic key. This compromises the confidentiality and integrity guarantees normally provided by the system’s cryptographic operations.

Affected Systems

The affected system is the IAS Canias ERP product, version 8.03, used in industrial settings. No other product or version information is recorded.

Risk and Exploitability

The CVSS score of 6.9 indicates a moderate risk, and the vulnerability can be triggered remotely. Because the cryptographic key is hard‑coded, intrusion can lead to decryption of sensitive data or forging of signatures, potentially allowing access to protected resources. No EPSS value is available and the vulnerability is not listed in the CISA KEV catalog, so the likelihood of exploitation is unknown but the impact remains significant if a compromise occurs.

Generated by OpenCVE AI on May 10, 2026 at 10:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a Canias ERP version where the JNLP Deployment Endpoint no longer uses a hard‑coded key.
  • Restrict network access to the JNLP Deployment Endpoint to trusted hosts only, using firewall or VPN controls.
  • Monitor logs for unusual JNLP traffic and enforce audit trails to detect potential abuse.

Generated by OpenCVE AI on May 10, 2026 at 10:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sun, 10 May 2026 09:15:00 +0000

Type Values Removed Values Added
Description A vulnerability was determined in Industrial Application Software IAS Canias ERP 8.03. This affects an unknown function of the component JNLP Deployment Endpoint. Executing a manipulation can lead to use of hard-coded cryptographic key . The attack may be performed from remote. The vendor was contacted early about this disclosure but did not respond in any way.
Title Industrial Application Software IAS Canias ERP JNLP Deployment Endpoint hard-coded key
Weaknesses CWE-320
CWE-321
References
Metrics cvssV2_0

{'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:N/A:N/E:ND/RL:ND/RC:ND'}

cvssV3_0

{'score': 5.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X'}

cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-10T09:00:12.301Z

Reserved: 2026-05-09T16:33:15.982Z

Link: CVE-2026-8243

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-10T09:16:32.200

Modified: 2026-05-10T09:16:32.200

Link: CVE-2026-8243

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-10T10:30:09Z

Weaknesses