CVE-2024-4019 poses a significant threat to OT as it allows remote attackers to initiate deserialization attacks via the Byzoro Smart S80 Management Platform, potentially compromising the security and integrity of OT systems relying on this platform, leading to unauthorized access and manipulation of critical infrastructure.
From the CVE database:
A vulnerability classified as critical has been found in Byzoro Smart S80 Management Platform up to 20240411. Affected is an unknown function of the file /importhtml.php. The manipulation of the argument sql leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-261666 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.