Missing Authorization in Hydrosystem Control System_CVE-2026-34184

8.8 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Description

Hydrosystem Control System does not enforce authorization for some directories. This allows an unauthorized attacker to read all files in these directories and even execute some of them. Critically the attacker could run PHP scripts directly on the connected database.This issue was fixed in Hydrosystem Control System version 9.8.5

Basic Information

ID CVE-2026-34184

Source CERT-PL

Published Apr 9, 2026 at 09:41

Modified Apr 9, 2026 at 11:51

Affected Product

Vendor Hydrosystem

Product Control System

Affected Versions Hydrosystem Control System 0

CWE Classification

CWE-862

References

{
    "lastseen": "",
    "description": "Hydrosystem Control System does not enforce authorization for some directories. This allows an unauthorized attacker to read all files in these directories and even execute some of them. Critically the attacker could run PHP scripts directly on the connected database.This issue was fixed in\u00a0Hydrosystem Control System version\u00a09.8.5",
    "published": "2026-04-09T09:41:08.526Z",
    "modified": "2026-04-09T11:51:07.882Z",
    "type": "cve",
    "title": "Missing Authorization in Hydrosystem Control System",
    "source": "CERT-PL",
    "references": "https://cert.pl/posts/2026/04/CVE-2026-4901/\nhttps://www.hydrosystem.poznan.pl/",
    "id": "CVE-2026-34184",
    "bulletinFamily": "",
    "cwe": [
        "CWE-862"
    ],
    "cvelist": null,
    "sourceData": "Hydrosystem Control System 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Control System",
    "version": "0",
    "vendor": "Hydrosystem",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}