Home

Description

A security flaw has been discovered in Industrial Application Software IAS Canias ERP 8.03. Impacted is the function Runtime.getRuntime.exec of the component RMI Interface. Performing a manipulation of the argument troiaCode results in os command injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

PUBLISHED Reserved 2026-05-09 | Published 2026-05-10 | Updated 2026-05-10 | Assigner VulDB




MEDIUM: 5.3CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
MEDIUM: 6.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
MEDIUM: 6.3CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
6.5AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR

Problem types

OS Command Injection

Command Injection

Product status

8.03
affected

Timeline

2026-05-09:Advisory disclosed
2026-05-09:VulDB entry created
2026-05-09:VulDB entry last update

Credits

b1lal (VulDB User) reporter

VulDB CNA Team coordinator

References

vuldb.com/vuln/362434 (VDB-362434 | Industrial Application Software IAS Canias ERP RMI Runtime.getRuntime.exec os command injection) vdb-entry technical-description

vuldb.com/vuln/362434/cti (VDB-362434 | CTI Indicators (IOB, IOC, TTP, IOA)) signature permissions-required

vuldb.com/submit/808262 (Submit #808262 | Industrial Application Software - IAS Canias ERP 8.03-- Code Injection - Remote Code Execution - (CWE-94/CWE-78)) third-party-advisory

gist.github.com/0xb1lal/6ccc2356e7e0a26f7b8a6bd6f0d84bbb exploit

cve.org (CVE-2026-8217)

nvd.nist.gov (CVE-2026-8217)

Download JSON