scada-lts 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
公開された問題は vendor risk cross-site scripting、パス処理の欠陥, and vendor risk csrf に関連することが多く、vendor surface production workloads and vendor surface software deployment の文脈で vendor impact session compromise and ファイル上書き などの暴露リスクを伴う場合があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2025-13791 | A vulnerability was identified in Scada-LTS up to 2.7.8.1. Affected is the function Common.getHomeDir of the file br/org/scadabr/vo/exporter/ZIPProjectManager.java of the component Project Import. Such manipulation leads to path traversal. The attack may be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | [email protected] | 2.1 | 0.41% | 2025-11-30 | 2026-06-17 |
| CVE-2025-13790 | A vulnerability was determined in Scada-LTS up to 2.7.8.1. This impacts an unknown function. This manipulation causes cross-site request forgery. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | [email protected] | 2.1 | 0.22% | 2025-11-30 | 2026-06-17 |
| CVE-2025-10235 | A flaw has been found in Scada-LTS up to 2.7.8.1. This issue affects some unknown processing of the file /reports.shtm of the component Reports Module. This manipulation of the argument Colour causes cross site scripting. The attack may be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | [email protected] | 1.9 | 0.28% | 2025-09-10 | 2026-06-17 |
| CVE-2025-10234 | A vulnerability was detected in Scada-LTS up to 2.7.8.1. This vulnerability affects unknown code of the file /data_point_edit.shtm of the component Data Point Edit Module. The manipulation of the argument Text Renderer properties results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | [email protected] | 1.9 | 0.28% | 2025-09-10 | 2026-06-17 |
| CVE-2025-9404 | A vulnerability was identified in Scada-LTS up to 2.7.8.1. The affected element is an unknown function of the file /pointHierarchySLTS of the component Folder Handler. The manipulation of the argument Title leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. | [email protected] | 1.9 | 0.26% | 2025-08-24 | 2026-06-17 |
| CVE-2025-9388 | A vulnerability was determined in Scada-LTS up to 2.7.8.1. This impacts an unknown function of the file watch_list.shtm. Executing manipulation of the argument Name can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. | [email protected] | 2.0 | 0.26% | 2025-08-24 | 2026-06-17 |
| CVE-2025-9235 | A flaw has been found in Scada-LTS up to 2.7.8.1. The impacted element is an unknown function of the file compound_events.shtm. This manipulation of the argument Name causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used. | [email protected] | 2.0 | 0.26% | 2025-08-20 | 2026-06-17 |
| CVE-2025-9234 | A vulnerability was detected in Scada-LTS up to 2.7.8.1. The affected element is an unknown function of the file maintenance_events.shtm. The manipulation of the argument Alias results in cross site scripting. The attack can be executed remotely. The exploit is now public and may be used. | [email protected] | 2.0 | 0.26% | 2025-08-20 | 2026-06-17 |
| CVE-2025-9233 | A security vulnerability has been detected in Scada-LTS up to 2.7.8.1. Impacted is an unknown function of the file view_edit.shtm. The manipulation of the argument Name leads to cross site scripting. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. | [email protected] | 2.0 | 0.26% | 2025-08-20 | 2026-06-17 |
| CVE-2025-9145 | A security vulnerability has been detected in Scada-LTS 2.7.8.1. This issue affects some unknown processing of the file view_edit.shtm of the component SVG File Handler. Such manipulation of the argument backgroundImageMP leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. | [email protected] | 2.0 | 0.26% | 2025-08-19 | 2026-06-17 |
| CVE-2025-9144 | A weakness has been identified in Scada-LTS 2.7.8.1. This vulnerability affects unknown code of the file publisher_edit.shtm. This manipulation of the argument Name causes cross site scripting. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. | [email protected] | 2.0 | 0.33% | 2025-08-19 | 2026-06-17 |
| CVE-2025-9143 | A security flaw has been discovered in Scada-LTS 2.7.8.1. This affects an unknown part of the file mailing_lists.shtm. The manipulation of the argument name/userList/address results in cross site scripting. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited. | [email protected] | 2.0 | 0.33% | 2025-08-19 | 2026-06-17 |
| CVE-2025-9139 | A vulnerability was determined in Scada-LTS 2.7.8.1. Affected by this vulnerability is an unknown functionality of the file /Scada-LTS/dwr/call/plaincall/WatchListDwr.init.dwr. Executing manipulation can lead to information disclosure. The attack may be performed from a remote location. The exploit has been publicly disclosed and may be utilized. The vendor explains: "[T]he risks of indicated vulnerabilities seem to be minimal as all scenarios likely require admin permissions. Moreover, regardle | [email protected] | 2.1 | 0.30% | 2025-08-19 | 2026-06-17 |
| CVE-2025-9138 | A vulnerability was found in Scada-LTS 2.7.8.1. Affected is an unknown function of the file pointHierarchy/new/. Performing manipulation of the argument Title results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor explains: "[T]he risks of indicated vulnerabilities seem to be minimal as all scenarios likely require admin permissions. Moreover, regardless our team fixes those vulnerabilities - the overall | [email protected] | 2.0 | 0.26% | 2025-08-19 | 2026-06-17 |
| CVE-2025-9137 | A vulnerability has been found in Scada-LTS 2.7.8.1. This impacts an unknown function of the file scheduled_events.shtm. Such manipulation of the argument alias leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The vendor explains: "[T]he risks of indicated vulnerabilities seem to be minimal as all scenarios likely require admin permissions. Moreover, regardless our team fixes those vulnerabilities - the overall risk | [email protected] | 2.0 | 0.27% | 2025-08-19 | 2026-06-17 |
| CVE-2025-8743 | A vulnerability classified as problematic has been found in Scada-LTS up to 2.7.8.1. This affects an unknown part of the file /data_source_edit.shtm of the component Virtual Data Source Property Handler. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | [email protected] | 2.0 | 0.26% | 2025-08-08 | 2026-06-17 |
| CVE-2025-7729 | A vulnerability classified as problematic was found in Scada-LTS up to 2.7.8.1. Affected by this vulnerability is an unknown functionality of the file usersProfiles.shtm. The manipulation of the argument Username leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this issue and confirmed that it will be fixed in the upcoming release 2.8.0. | [email protected] | 2.0 | 0.25% | 2025-07-16 | 2026-06-17 |
| CVE-2025-7728 | A vulnerability classified as problematic has been found in Scada-LTS up to 2.7.8.1. Affected is an unknown function of the file users.shtm. The manipulation of the argument Username leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this issue and confirmed that it will be fixed in the upcoming release 2.8.0. | [email protected] | 2.0 | 0.25% | 2025-07-16 | 2026-06-17 |
| CVE-2024-7901 | A vulnerability has been found in Scada-LTS 2.7.8 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /Scada-LTS/app.shtm#/alarms/Scada of the component Message Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: A fix is planned for the upcoming release at the end of September 2024. | [email protected] | 5.3 | 0.34% | 2024-08-17 | 2026-06-17 |
| CVE-2023-33472 | An issue was discovered in Scada-LTS v2.7.5.2 build 4551883606 and before, allows remote attackers with low-level authentication to escalate privileges, execute arbitrary code, and obtain sensitive information via Event Handlers function. | [email protected] | 8.8 | 1.27% | 2024-01-12 | 2026-06-17 |