CVE-2026-8244 - Vulnerability Details

- Industrial Application Software IAS Canias ERP Login RMI improper authentication

Description

A vulnerability was identified in Industrial Application Software IAS Canias ERP 8.03. This impacts an unknown function of the component Login RMI Interface. The manipulation of the argument clientVersion leads to improper authentication. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Published: 2026-05-10

Score: 6.9 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability exists in the Login RMI Interface of Industrial Application Software IAS Canias ERP 8.03. By manipulating the clientVersion argument, an attacker can gain unauthorized access without providing valid credentials. This improper authentication flaw (CWE‑287) can lead to compromise of confidentiality, integrity, or availability of the ERP system when exploited remotely.

Affected Systems

The affected product is IAS Canias ERP version 8.03 from Industrial Application Software IAS. No other versions or components are listed as impacted.

Risk and Exploitability

The CVSS score of 6.9 indicates a moderate severity vulnerability. EPSS information is not available, so the exact likelihood of exploitation is unknown, but the presence of publicly available exploit code suggests attackers may pursue this weakness. The vulnerability is not listed in the CISA KEV catalog. The attack vector is remote – an attacker can trigger the flaw by connecting to the RMI interface over the network and supplying a crafted clientVersion argument.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Industrial Application Software IAS

Canias ERP

affected

Version	Status	Constraints
`8.03`	affected	—

No data.

Vendor Product Confidence Versions

Industrial Application Software Ias

Canias Erp

100%

Version	Status	Scheme	Platform
`8.03`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Request or confirm the availability of an official vendor patch for IAS Canias ERP 8.03 and plan the upgrade if a fix is released.
Limit external access to the ERP’s RMI interface by applying firewall rules or network segmentation so that only trusted internal hosts can reach it.
Implement or enforce stronger authentication mechanisms (e.g., two‑factor authentication or account lockout policies) and monitor authentication logs for suspicious activity.

Generated by OpenCVE AI on May 10, 2026 at 10:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.0008.

Exploitation poc

Automatable yes

Technical Impact partial

References

Link	Providers
https://gist.github.com/0xb1lal/758bbc5e4d82efea248e675da934ac69
https://hawktrace.com/blog/caniaserp
https://vuldb.com/submit/808326
https://vuldb.com/vuln/362460
https://vuldb.com/vuln/362460/cti

History

Mon, 18 May 2026 14:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:industrial_application_software_ias:canias_erp::::::::
References		https://hawktrace.com/blog/caniaserp

Mon, 11 May 2026 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Sun, 10 May 2026 21:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Industrial Application Software Ias Industrial Application Software Ias canias Erp
Vendors & Products		Industrial Application Software Ias Industrial Application Software Ias canias Erp

Sun, 10 May 2026 09:45:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability was identified in Industrial Application Software IAS Canias ERP 8.03. This impacts an unknown function of the component Login RMI Interface. The manipulation of the argument clientVersion leads to improper authentication. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title		Industrial Application Software IAS Canias ERP Login RMI improper authentication
Weaknesses		CWE-287
References		https://gist.github.com/0xb1lal/758bbc5e4d82efea248e675da934ac69 https://vuldb.com/submit/808326 https://vuldb.com/vuln/362460 https://vuldb.com/vuln/362460/cti
Metrics		cvssV2_0 `{'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 5.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Industrial Application Software Ias Canias Erp

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-05-10T09:15:07.438Z

Updated: 2026-05-18T13:52:19.031Z

Reserved: 2026-05-09T16:33:18.602Z

Link: CVE-2026-8244

Vulnrichment

Updated: 2026-05-11T16:54:34.312Z

NVD

Status : Deferred

Published: 2026-05-10T10:16:13.040

Modified: 2026-05-18T15:16:27.633

Link: CVE-2026-8244

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-10T21:24:00Z

Weaknesses

CWE-287

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Exploitation poc

Automatable yes

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object