CVE-2024-21869

Published: Feb 2, 2024Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the affected product stores plaintext credentials in various places. This may allow an attacker with local access to see them.

Affected (1)

Products: Rapidscada: Rapid Scada

Rapidscada

1 product

Rapid Scada

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Rapidscada Rapid Scada	Up to 5.8.4

Related CWEs

CWE-256

Plaintext Storage of a Password

Storing a password in plaintext may result in a system compromise.

CWE-522

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (4)

https://rapidscada.org/contact/

Source: ics-cert@hq.dhs.gov

Product

https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

https://rapidscada.org/contact/

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.