CVE-2025-9388 in Scada-LTSinfo

Summary

by MITRE • 08/24/2025

A vulnerability was determined in Scada-LTS up to 2.7.8.1. This impacts an unknown function of the file watch_list.shtm. Executing manipulation of the argument Name can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 09/11/2025

The vulnerability identified as CVE-2025-9388 affects Scada-LTS versions up to 2.7.8.1 and specifically targets an unknown function within the watch_list.shtm file. This represents a critical security flaw in industrial control systems that could have significant operational implications for organizations relying on SCADA infrastructure. The vulnerability stems from insufficient input validation mechanisms within the web interface component, creating an exploitable entry point for malicious actors seeking to compromise the system's integrity.

The technical flaw manifests through improper handling of the Name argument parameter within the affected function, which allows for cross-site scripting attacks to be executed. This type of vulnerability falls under the CWE-79 category of Cross-Site Scripting, where malicious scripts can be injected into web applications and executed in the context of other users' browsers. The vulnerability's remote exploitability means that attackers do not require physical access to the system, enabling them to target the application from external networks, which significantly broadens the potential attack surface.

The operational impact of this vulnerability extends beyond simple script execution, as it provides attackers with the capability to manipulate the web interface functionality and potentially gain unauthorized access to system controls. In industrial environments where SCADA systems manage critical infrastructure, such vulnerabilities could enable attackers to disrupt operations, modify data, or even gain deeper access to underlying network systems. The fact that exploitation has been publicly disclosed increases the likelihood of real-world attacks against vulnerable installations.

Mitigation strategies should include immediate patching of affected Scada-LTS versions to the latest available release that addresses this vulnerability. Organizations should also implement network segmentation to isolate SCADA systems from general corporate networks, deploy web application firewalls to monitor and filter malicious traffic, and conduct thorough security assessments of all web-based industrial control interfaces. Additionally, implementing strict input validation controls and output encoding mechanisms can help prevent similar vulnerabilities from being exploited in the future, aligning with defensive practices recommended by the ATT&CK framework for web application attacks.

Responsible

VulDB

Disclosure

08/24/2025

Moderation

accepted

CPE

ready

Exploit

Download

EPSS

0.00257

KEV

no

Activities

very low

Sources

Want to stay up to date on a daily basis?

Enable the mail alert feature now!