CVE-2024-2882
Published 2024-06-27
CVE-2024-2882: SDG Technologies PnPSCADA allows a remote attacker to attach various entities without requiring system authentication. This breach could potentially lead to…
Priority P349 · critical · 9.3 CVSS 4.0
CVSS vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS: 0.66% (46.7th percentile)
SDG Technologies PnPSCADA allows a remote attacker to attach various entities without requiring system authentication. This breach could potentially lead to unauthorized control, data manipulation, and access to sensitive information within the SCADA system.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sdg_technologies | pnpscada | < 4 | 4 |
CISA ICS
SDG Technologies PnPSCADA
cisa_ics·2024-06-27·CVSS 9.3
[CRITICAL] SDG Technologies PnPSCADA
ICS Advisory
## SDG Technologies PnPSCADA
Release Date: June 27, 2024
Alert Code: ICSA-24-179-02
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
## 1. EXECUTIVE SUMMARY
- CVSS v4 9.3
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: SDG Technologies
- Equipment: PnPSCADA
- Vulnerability: Missing Authorization
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to attach various entities without requiring system authentication. This breach could potentially lead to unauthorized control, data manipulation, and access to sensitive information within the SCADA system.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of SDG Technologi
GHSA
GHSA-f95v-47r2-3322: SDG Technologies PnPSCADA allows a remote attacker to attach various entities without requiring system authentication
ghsa_unreviewed·2024-06-27
CVE-2024-2882 CWE-862 GHSA-f95v-47r2-3322: SDG Technologies PnPSCADA allows a remote attacker to attach various entities without requiring system authentication
SDG Technologies PnPSCADA allows a remote attacker to attach various entities without requiring system authentication. This breach could potentially lead to unauthorized control, data manipulation, and access to sensitive information within the SCADA system.
No detection rules found.
No public exploits indexed.
arXiv
Baiting AI: Deceptive Adversary Against AI-Protected Industrial Infrastructures
arxiv_fulltext·2026-01-13
Aryan Pasikhani, Prosanta Gope, Senior Member, IEEE, Yang Yang, Student Member, IEEE, Shagufta Mehnaz, Biplab Sikdar, IEEE Fellow
A. Pasikhani and P. Gope are with the Department of Computer Science, University of Sheffield, Regent Court, Sheffield S1 4DP, United Kingdom.
Yang Yang and Biplab Sikdar are with the Department of Electrical and Computer Engineering, National University of Singapore, Singapore.
Corresponding author: Dr. Aryan Pasikhani
IEEE Transactions on Dependable and Secure Computing
## Abstract
T
Bugzilla
CVE-2024-4367 Mozilla: Arbitrary JavaScript execution in PDF.js
bugzilla·2024-05-14·CVSS 8.8
CVE-2024-4367 [HIGH] CVE-2024-4367 Mozilla: Arbitrary JavaScript execution in PDF.js
A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context.
External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2024-22/#CVE-2024-4367
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9
Via RHSA-2024:2888 https://access.redhat.com/errata/RHSA-2024:2888
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9.0 Extended Update Support
Via RHSA-2024:2884 https://access.redhat.com/errata/RHSA-2024:2884
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.2 Advanced Update Support
Via RHSA-2024:2882 https://access.redha
Published: 2024-06-27