CVE-2026-8217
Deferred Deferred - Pending Action
Command Injection in IAS Canias ERP 8.03

Publication date: 2026-05-10

Last updated on: 2026-05-11

Assigner: VulDB

Description
A security flaw has been discovered in Industrial Application Software IAS Canias ERP 8.03. Impacted is the function Runtime.getRuntime.exec of the component RMI Interface. Performing a manipulation of the argument troiaCode results in os command injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-10
Last Modified
2026-05-11
Generated
2026-06-19
AI Q&A
2026-05-10
EPSS Evaluated
2026-06-18
NVD
CVE-2026-8217
EUVD
EUVD-2026-28953
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
industrial_application_software canias_erp 8.03
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-8217 is a critical security vulnerability in Industrial Application Software IAS Canias ERP version 8.03. It affects the Runtime.getRuntime.exec function of the RMI Interface component, allowing an attacker to perform OS command injection by manipulating the argument troiaCode. The attack can be initiated remotely without authentication.

The exploit chain involves multiple vulnerabilities including unauthenticated session enumeration, session hijacking, command execution, and unauthorized file reading. An attacker can connect to the Java RMI interface on port 27499, identify active sessions, execute arbitrary OS commands with the privileges of the caniasERP service account, and read command outputs through file transfer mechanisms.

This vulnerability allows full system compromise without any user interaction or authentication, making it particularly dangerous.

Impact Analysis

This vulnerability can lead to a complete system compromise of the affected Canias ERP system. An attacker can remotely execute arbitrary OS commands with the privileges of the ERP service account, potentially gaining control over the system.

The attacker can enumerate active user sessions, hijack sessions, execute commands, and read files without authentication or user interaction. This can result in unauthorized access to sensitive data, disruption of business operations, and further exploitation of the network.

Detection Guidance

This vulnerability can be detected by checking for the presence of the vulnerable Java RMI interface exposed on port 27499, which is the default port for the caniasERP IAS server remote interface.

A practical detection method involves attempting to connect to this port and observing if the service responds, indicating exposure to the vulnerability.

Additionally, commands can be executed remotely via the exploit chain, so testing for unauthorized command execution attempts such as 'whoami' or 'hostname' through the interface can help identify exploitation.

  • Use network scanning tools (e.g., nmap) to check if port 27499 is open on the target system: nmap -p 27499 <target-ip>
  • Attempt to connect to the Java RMI interface on port 27499 using tools like 'telnet' or 'nc' to verify service availability: telnet <target-ip> 27499
  • Monitor logs or network traffic for suspicious commands such as 'whoami' or 'hostname' being executed remotely via the RMI interface.
Mitigation Strategies

Immediate mitigation steps include restricting or blocking access to the vulnerable Java RMI interface on port 27499 to prevent remote exploitation.

Since the vulnerability allows unauthenticated remote code execution, network-level controls such as firewall rules should be applied to limit exposure.

If possible, disable the vulnerable RMI interface or restrict it to trusted internal networks only.

Monitor systems for signs of compromise and unauthorized command execution.

Contact the vendor for patches or updates, although the vendor has not responded to this disclosure as of the last update.

Compliance Impact

The vulnerability in Industrial Application Software IAS Canias ERP 8.03 allows unauthenticated remote code execution and full system compromise, which can lead to unauthorized access, manipulation, or disclosure of sensitive data.

Such unauthorized access and potential data breaches can negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive information against unauthorized access and ensure data integrity and confidentiality.

Because the exploit requires no authentication and can be initiated remotely, it increases the risk of data exposure or system misuse, potentially leading to violations of these regulations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-8217. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart