CVE-2026-8243

5.3 MEDIUM

A vulnerability was determined in Industrial Application Software IAS Canias ERP 8.03

Published: 2026-05-10 · Last updated: 2026-05-18

Severity and scoring

CVSS: 5.3 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE: CWE-320, CWE-321

Description

A vulnerability was determined in Industrial Application Software IAS Canias ERP 8.03. This affects an unknown function of the component JNLP Deployment Endpoint. Executing a manipulation can lead to use of hard-coded cryptographic key . The attack may be performed from remote. The vendor was contacted early about this disclosure but did not respond in any way.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-8243
[Other]https://hawktrace.com/blog/caniaserp
[Other]https://vuldb.com/submit/808296
[Other]https://vuldb.com/vuln/362459
[Other]https://vuldb.com/vuln/362459/cti

Related CVEs

Same CWE

CVE-2026-9260 — Use of hard-coded cryptographic keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier (6.2 MEDIUM)
CVE-2026-34029 — The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a hard-coded cryptographic key in the SafeSystem.Infrastr...
CVE-2026-34022 — The Wertheim SafeController Family 65000, Controller 65000 - AssemblyVersion 6.11.8130.22319, uses weak custom cryptographic algorithms w...
CVE-2026-28742 — Naxclow devices use a uniform request-signing scheme based on a hard-coded, platform-wide salt embedded in every firmware image (9.8 CRITICAL)
CVE-2026-50091 — Aqara Home Android (com.lumiunited.aqarahome) 6.0.0 (and white-label clients embedding the same liblumidevsdk.so) uses hard-coded cryptog... (9.1 CRITICAL)