Scada-LTS Information Disclosure Vulnerability in WatchListDwr Endpoint

Vulnerability

A vulnerability in Scada-LTS version 2.7.8.1 allows authenticated users with low privileges to access sensitive information such as usernames, email addresses, phone numbers, and admin status. This information disclosure issue could be exploited for phishing, privilege escalation, or social engineering attacks.

Impact

Exploitation of this vulnerability leads to unauthorized access to sensitive user information, including contact details and admin status, which could be used for targeted attacks or to escalate privileges within the application.

Reproduction

To reproduce this vulnerability, authenticate as a low-privileged user and send a POST request to the '/Scada-LTS/dwr/call/plaincall/WatchListDwr.init.dwr' endpoint. The response will contain sensitive information about all users in the system, including admin details.
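As an added defender-side example (not from the advisory or the Scada-LTS project), the following Python flags successful POSTs to the affected endpoint made by accounts outside an admin allow-list, so a SOC can spot low-privileged users pulling the user list. The access-log format (combined format with the authenticated user in the third field), the admin allow-list and the sample log lines are all assumptions constructed for the example.

```python
import re
from collections import Counter

# Endpoint named in the advisory (Scada-LTS 2.7.8.1).
WATCHLIST_INIT_PATH = "/Scada-LTS/dwr/call/plaincall/WatchListDwr.init.dwr"

# Assumption: a reverse proxy writes combined-format access logs with the
# authenticated user name in the third field (e.g. nginx $remote_user).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \d+'
)


def parse_line(line):
    """Parse one access-log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_suspect_calls(lines, admin_users):
    """Return (user, ip, ts) for every successful POST to the WatchListDwr
    init endpoint issued by an account that is not on the admin allow-list."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if (rec["method"] == "POST" and rec["path"] == WATCHLIST_INIT_PATH
                and rec["status"] == "200" and rec["user"] not in admin_users):
            hits.append((rec["user"], rec["ip"], rec["ts"]))
    return hits


def calls_per_user(hits):
    """Count flagged calls per account; repeated calls suggest enumeration."""
    return Counter(user for user, _, _ in hits)


# Constructed sample log lines (not real traffic). "-" means no auth user.
SAMPLE_LOG = """\
10.0.0.5 - operator1 [19/Aug/2025:13:17:02 +0000] "POST /Scada-LTS/dwr/call/plaincall/WatchListDwr.init.dwr HTTP/1.1" 200 4312
10.0.0.9 - admin [19/Aug/2025:13:18:10 +0000] "POST /Scada-LTS/dwr/call/plaincall/WatchListDwr.init.dwr HTTP/1.1" 200 4312
10.0.0.5 - operator1 [19/Aug/2025:13:19:41 +0000] "GET /Scada-LTS/watch_list.shtm HTTP/1.1" 200 9120
10.0.0.5 - operator1 [19/Aug/2025:13:20:03 +0000] "POST /Scada-LTS/dwr/call/plaincall/WatchListDwr.init.dwr HTTP/1.1" 200 4312
10.0.0.7 - - [19/Aug/2025:13:21:55 +0000] "POST /Scada-LTS/dwr/call/plaincall/WatchListDwr.init.dwr HTTP/1.1" 401 0
"""

if __name__ == "__main__":
    flagged = find_suspect_calls(SAMPLE_LOG.splitlines(), admin_users={"admin"})
    for user, ip, ts in flagged:
        print(f"ALERT non-admin user {user} from {ip} hit WatchListDwr.init at {ts}")
    print(calls_per_user(flagged))
```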

Added: Aug 19, 2025, 1:17 PM
Updated: Aug 19, 2025, 2:24 PM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 2.5
exploitability: 6.2
remediation: 0.0
relevance: 0.3
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.