CVE-2023-33472
https://notcve.org/view.php?id=CVE-2023-33472
An issue was discovered in Scada-LTS v2.7.5.2 build 4551883606 and before, allows remote attackers with low-level authentication to escalate privileges, execute arbitrary code, and obtain sensitive information via Event Handlers function. Se descubrió un problema en Scada-LTS v2.7.5.2 build 4551883606 y anteriores, que permite a atacantes remotos con autenticación de bajo nivel escalar privilegios, ejecutar código arbitrario y obtener información confidencial a través de la función Event Handlers. • https://hev0x.github.io/posts/scadalts-cve-2023-33472 •
CVE-2022-41976
https://notcve.org/view.php?id=CVE-2022-41976
An privilege escalation issue was discovered in Scada-LTS 2.7.1.1 build 2948559113 allows remote attackers, authenticated in the application as a low-privileged user to change role (e.g., to administrator) by updating their user profile. • http://scada-lts.org https://github.com/SCADA-LTS/Scada-LTS/releases https://m3n0sd0n4ld.blogspot.com/2022/11/scada-lts-privilege-escalation-cve-2022.html •