Unrated severityNVD Advisory· Published Sep 15, 2023· Updated Jun 18, 2025

Supcon InPlant SCADA Project.xml unknown vulnerability

CVE-2023-4986

Description

A vulnerability classified as problematic was found in Supcon InPlant SCADA up to 20230901. Affected by this vulnerability is an unknown functionality of the file Project.xml. The manipulation leads to password hash with insufficient computational effort. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-239797 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Affected products

Supcon/InPlant SCADAllm-create2 versions
<=20230901+ 1 more
- (no CPE)range: <=20230901
- (no CPE)range: 20230901

Patches

Vulnerability mechanics

References

drive.google.com/file/d/1V_O95QddCGdZzYGgx7tkMOYQ5i_alv69/viewmitreexploit
vuldb.commitresignaturepermissions-required
vuldb.commitrevdb-entrytechnical-description

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000