# CVE-2024-21866
Published 2024-02-02
Priority: P4 27 · Severity: medium · CVSS 3.1 base score: 5.3
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS: 0.41% (32.8th percentile)
In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the affected product responds back with an error message containing sensitive data if it receives a specific malformed request.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rapid_software_llc | rapid_scada | <= 5.8.4 | — |
| rapidscada | rapid_scada | <= 5.8.4 | — |
GHSA
GHSA-3p6h-jm8p-g7p5 · ghsa_unreviewed · 2024-02-02 · CVE-2024-21866 [MEDIUM] · CWE-209
In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the affected product responds back with an error message containing sensitive data if it receives a specific malformed request.
CISA ICS
Rapid Software LLC Rapid SCADA · cisa_ics · 2024-01-11 · CVSS 8.8 [HIGH]
ICS Advisory: Rapid Software LLC Rapid SCADA
Release Date: January 11, 2024
Alert Code: ICSA-24-011-03
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.6
- ATTENTION: Exploitable remotely, low attack complexity
- Vendor: Rapid Software LLC
- Equipment: Rapid SCADA
- Vulnerabilities: Path Traversal, Relative Path Traversal, Local Privilege Escalation through Incorrect Permission Assignment for Critical Resource, Open Redirect, Use of Hard-coded Credentials, Plaintext Storage of a Password, Generation of Error Message Containing Sensitive Information
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could result in an attacker reading sensitive files from the Rapid Scada server, writing files to the Rapid Scada directory (thus achieving code
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-02-02