Description
A vulnerability was identified in Industrial Application Software IAS Canias ERP 8.03. This impacts an unknown function of the component Login RMI Interface. The manipulation of the argument clientVersion leads to improper authentication. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-05-10
Score: 6.9 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability exists in the Login RMI Interface of Industrial Application Software IAS Canias ERP 8.03. By manipulating the clientVersion argument, an attacker can gain unauthorized access without providing valid credentials. This improper authentication flaw (CWE‑287) can lead to compromise of confidentiality, integrity, or availability of the ERP system when exploited remotely.

Affected Systems

The affected product is IAS Canias ERP version 8.03 from Industrial Application Software IAS. No other versions or components are listed as impacted.

Risk and Exploitability

The CVSS score of 6.9 indicates a moderate severity vulnerability. EPSS information is not available, so the exact likelihood of exploitation is unknown, but the presence of publicly available exploit code suggests attackers may pursue this weakness. The vulnerability is not listed in the CISA KEV catalog. The attack vector is remote – an attacker can trigger the flaw by connecting to the RMI interface over the network and supplying a crafted clientVersion argument.

Generated by OpenCVE AI on May 10, 2026 at 10:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Request or confirm the availability of an official vendor patch for IAS Canias ERP 8.03 and plan the upgrade if a fix is released.
  • Limit external access to the ERP’s RMI interface by applying firewall rules or network segmentation so that only trusted internal hosts can reach it.
  • Implement or enforce stronger authentication mechanisms (e.g., two‑factor authentication or account lockout policies) and monitor authentication logs for suspicious activity.

Generated by OpenCVE AI on May 10, 2026 at 10:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sun, 10 May 2026 09:45:00 +0000

Type Values Removed Values Added
Description A vulnerability was identified in Industrial Application Software IAS Canias ERP 8.03. This impacts an unknown function of the component Login RMI Interface. The manipulation of the argument clientVersion leads to improper authentication. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title Industrial Application Software IAS Canias ERP Login RMI improper authentication
Weaknesses CWE-287
References
Metrics cvssV2_0

{'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 5.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-10T09:15:07.438Z

Reserved: 2026-05-09T16:33:18.602Z

Link: CVE-2026-8244

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-10T10:16:13.040

Modified: 2026-05-10T10:16:13.040

Link: CVE-2026-8244

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-10T10:30:09Z

Weaknesses