CVE-2023-33472
https://notcve.org/view.php?id=CVE-2023-33472
13 Jan 2024 — An issue discovered in Scada-LTS v2.7.5.2 build 4551883606 and earlier allows remote attackers with low-level authentication to escalate privileges, execute arbitrary code, and obtain sensitive information via the Event Handlers function. • https://hev0x.github.io/posts/scadalts-cve-2023-33472 • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2022-41976
https://notcve.org/view.php?id=CVE-2022-41976
10 Apr 2023 — A privilege escalation issue discovered in Scada-LTS 2.7.1.1 build 2948559113 allows remote attackers authenticated in the application as a low-privileged user to change their role (e.g., to administrator) by updating their user profile. • http://scada-lts.org