Search criteria
3 vulnerabilities by Supcon
CVE-2023-4986 (GCVE-0-2023-4986)
Vulnerability from cvelistv5 – Published: 2023-09-15 14:31 – Updated: 2025-06-18 14:42
VLAI
Title
Supcon InPlant SCADA Project.xml unknown vulnerability
Summary
A vulnerability classified as problematic was found in Supcon InPlant SCADA up to 20230901. Affected by this vulnerability is an unknown functionality of the file Project.xml. The manipulation leads to password hash with insufficient computational effort. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-239797 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity
CWE
- CWE-916 - Password Hash With Insufficient Computational Effort
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.239797 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.239797 | signaturepermissions-required |
| https://drive.google.com/file/d/1V_O95QddCGdZzYGg… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Supcon | InPlant SCADA |
Affected:
20230901
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:53.554Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.239797"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.239797"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://drive.google.com/file/d/1V_O95QddCGdZzYGgx7tkMOYQ5i_alv69/view?usp=drive_link"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4986",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-17T03:23:25.448551Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-18T14:42:39.633Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "InPlant SCADA",
"vendor": "Supcon",
"versions": [
{
"status": "affected",
"version": "20230901"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "01dgu0 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in Supcon InPlant SCADA up to 20230901. Affected by this vulnerability is an unknown functionality of the file Project.xml. The manipulation leads to password hash with insufficient computational effort. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-239797 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In Supcon InPlant SCADA bis 20230901 wurde eine problematische Schwachstelle entdeckt. Betroffen ist eine unbekannte Verarbeitung der Datei Project.xml. Durch Manipulieren mit unbekannten Daten kann eine password hash with insufficient computational effort-Schwachstelle ausgenutzt werden. Der Angriff muss lokal angegangen werden. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig ausnutzbar. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1,
"vectorString": "AV:L/AC:H/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-916",
"description": "CWE-916 Password Hash With Insufficient Computational Effort",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T16:24:20.598Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.239797"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.239797"
},
{
"tags": [
"exploit"
],
"url": "https://drive.google.com/file/d/1V_O95QddCGdZzYGgx7tkMOYQ5i_alv69/view?usp=drive_link"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-09-15T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-09-15T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-09-15T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-10-12T09:15:19.000Z",
"value": "VulDB entry last update"
}
],
"title": "Supcon InPlant SCADA Project.xml unknown vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-4986",
"datePublished": "2023-09-15T14:31:04.464Z",
"dateReserved": "2023-09-15T06:20:14.025Z",
"dateUpdated": "2025-06-18T14:42:39.633Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4985 (GCVE-0-2023-4985)
Vulnerability from cvelistv5 – Published: 2023-09-15 14:00 – Updated: 2024-08-02 07:44
VLAI
Title
Supcon InPlant SCADA Project.xml improper authentication
Summary
A vulnerability classified as critical has been found in Supcon InPlant SCADA up to 20230901. Affected is an unknown function of the file Project.xml. The manipulation leads to improper authentication. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239796. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity
5.9 (Medium)
5.9 (Medium)
CWE
- CWE-287 - Improper Authentication
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.239796 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.239796 | signaturepermissions-required |
| https://drive.google.com/file/d/1V_O95QddCGdZzYGg… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Supcon | InPlant SCADA |
Affected:
20230901
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4985",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-18T14:30:45.796451Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-18T14:30:53.012Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:53.693Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.239796"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.239796"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://drive.google.com/file/d/1V_O95QddCGdZzYGgx7tkMOYQ5i_alv69/view?usp=drive_link"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "InPlant SCADA",
"vendor": "Supcon",
"versions": [
{
"status": "affected",
"version": "20230901"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in Supcon InPlant SCADA up to 20230901. Affected is an unknown function of the file Project.xml. The manipulation leads to improper authentication. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239796. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in Supcon InPlant SCADA bis 20230901 entdeckt. Hiervon betroffen ist ein unbekannter Codeblock der Datei Project.xml. Durch das Manipulieren mit unbekannten Daten kann eine improper authentication-Schwachstelle ausgenutzt werden. Der Angriff hat dabei lokal zu erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T16:23:07.448Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.239796"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.239796"
},
{
"tags": [
"exploit"
],
"url": "https://drive.google.com/file/d/1V_O95QddCGdZzYGgx7tkMOYQ5i_alv69/view?usp=drive_link"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-09-15T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-09-15T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-09-15T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-10-12T09:10:39.000Z",
"value": "VulDB entry last update"
}
],
"title": "Supcon InPlant SCADA Project.xml improper authentication"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-4985",
"datePublished": "2023-09-15T14:00:10.223Z",
"dateReserved": "2023-09-15T06:20:11.996Z",
"dateUpdated": "2024-08-02T07:44:53.693Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2924 (GCVE-0-2023-2924)
Vulnerability from cvelistv5 – Published: 2023-05-27 08:00 – Updated: 2024-08-02 06:41
VLAI
Title
Supcon SimField reportupload.aspx unrestricted upload
Summary
A vulnerability, which was classified as critical, has been found in Supcon SimField up to 1.80.00.00. Affected by this issue is some unknown functionality of the file /admin/reportupload.aspx. The manipulation of the argument files[] leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-230078 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity
4.7 (Medium)
4.7 (Medium)
CWE
- CWE-434 - Unrestricted Upload
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.230078 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.230078 | signaturepermissions-required |
| https://github.com/RCEraser/cve/blob/main/SimField.md | exploit |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:41:04.102Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.230078"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.230078"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/RCEraser/cve/blob/main/SimField.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SimField",
"vendor": "Supcon",
"versions": [
{
"status": "affected",
"version": "1.80.00"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "RCEraser (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in Supcon SimField up to 1.80.00.00. Affected by this issue is some unknown functionality of the file /admin/reportupload.aspx. The manipulation of the argument files[] leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-230078 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine kritische Schwachstelle wurde in Supcon SimField bis 1.80.00.00 entdeckt. Betroffen davon ist ein unbekannter Prozess der Datei /admin/reportupload.aspx. Mit der Manipulation des Arguments files[] mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.8,
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-23T07:13:22.865Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.230078"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.230078"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/RCEraser/cve/blob/main/SimField.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-05-27T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-05-27T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-05-27T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-06-21T12:07:53.000Z",
"value": "VulDB entry last update"
}
],
"title": "Supcon SimField reportupload.aspx unrestricted upload"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-2924",
"datePublished": "2023-05-27T08:00:03.835Z",
"dateReserved": "2023-05-27T07:08:34.882Z",
"dateUpdated": "2024-08-02T06:41:04.102Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}