Threat Advisory

ibaPDA Vulnerability Enables Remote Code Execution

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: Critical

EXECUTIVE SUMMARY:

CVE-2026-8024, with a CVSS score of 9.3, is a critical remote code execution vulnerability affecting ibaPDA versions prior to 8.14.0 and ibaDatCoordinator versions prior to 4.0.7, both widely deployed in industrial data acquisition and automation environments. The flaw stems from the applications’ failure to restrict the .NET BinaryFormatter during deserialization of client‑server input, enabling a type‑confusion attack that allows an attacker to embed malicious objects in the serialized stream. A remote unauthenticated adversary can exploit this by sending a crafted payload over the network to the vulnerable service, requiring only network connectivity to the target host and no user interaction or valid credentials. Successful exploitation results in arbitrary code execution under the service’s system account, effectively granting the attacker full control of the compromised system and the ability to perform privilege escalation. The business impact includes potential disruption of critical measurement and process‑data systems, loss of operational continuity, data integrity breaches, and safety hazards in OT environments. Exploitation is contingent on the attacker’s ability to reach the vulnerable service, which must be running the affected versions and accepting deserialized data from untrusted sources.

RECOMMENDATION:

  • We recommend updating ibaPDA to version 8.14.0 or ibaDatCoordinator to version 4.0.7.
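
To find which hosts still need the update, the following added example (not part of the original advisory or of any iba tooling) triages a software inventory against the fixed versions above. The CSV layout, host names and sample rows are constructed assumptions. Versions are compared numerically, because a plain string comparison would rank 8.9.2 above 8.14.0 and miss it.

```python
import csv
import io

# Fixed versions as stated in this advisory.
FIXED = {"ibapda": (8, 14, 0), "ibadatcoordinator": (4, 0, 7)}

# Constructed sample inventory (hypothetical hosts and CSV layout).
SAMPLE_INVENTORY = """host,product,version
hist-01,ibaPDA,8.9.2
hist-02,ibaPDA,8.14.0
hist-03,ibaPDA,v8.13.5.0
coord-01,ibaDatCoordinator,4.0.6
coord-02,ibaDatCoordinator,4.1.0
eng-ws-07,ibaPDA,unknown
"""

def parse_version(text):
    """Return a tuple of ints, or None if the string is not a dotted version."""
    parts = text.strip().lstrip("vV").split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def is_vulnerable(product, version_text):
    """True = below the fixed version, False = at or above, None = undecidable."""
    fixed = FIXED.get(product.strip().lower())
    found = parse_version(version_text)
    if fixed is None or found is None:
        return None
    # Pad with zeros so that 8.14 compares equal to 8.14.0.
    width = max(len(fixed), len(found))
    found += (0,) * (width - len(found))
    fixed += (0,) * (width - len(fixed))
    return found < fixed

def triage(inventory_csv):
    """Split inventory rows into hosts to patch and hosts needing manual review."""
    patch, review = [], []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        verdict = is_vulnerable(row["product"], row["version"])
        if verdict is None:
            review.append(row["host"])  # unparseable version or unknown product
        elif verdict:
            patch.append(row["host"])
    return patch, review

if __name__ == "__main__":
    print(triage(SAMPLE_INVENTORY))
```

Hosts in the review list have a version string that could not be parsed and should be checked by hand rather than assumed patched.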

REFERENCES:

The following reports contain further technical details:
https://securityonline.info/iba-deserialization-vulnerability/
