{"id":"CVE-2022-41976","details":"An privilege escalation issue was discovered in Scada-LTS 2.7.1.1 build 2948559113 allows remote attackers, authenticated in the application as a low-privileged user to change role (e.g., to administrator) by updating their user profile.","modified":"2026-04-11T17:20:28.095482Z","published":"2023-04-10T15:15:07.143Z","references":[{"type":"WEB","url":"http://scada-lts.org/"},{"type":"ADVISORY","url":"https://github.com/SCADA-LTS/Scada-LTS/releases"},{"type":"EVIDENCE","url":"https://m3n0sd0n4ld.blogspot.com/2022/11/scada-lts-privilege-escalation-cve-2022.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/scada-lts/scada-lts","events":[{"introduced":"0"},{"fixed":"0bb6cb8804eac164eee15065ce1e44c5d4946695"}],"database_specific":{"cpe":"cpe:2.3:a:scada-lts:scada-lts:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"fixed":"2.7.3"}],"source":"CPE_FIELD"}}],"versions":["0.0.9.7","0.0.9.8","v0.0.9.5","v0.0.9.5_1","v0.0.9.8","v2.0.0","v2.0.1","v2.1.0","v2.1.0_19_02_2020","v2.2.0","v2.2.1","v2.3.0","v2.3.1","v2.4.1.1","v2.5.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-41976.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}