CVE-2024-22016

Published: Feb 2, 2024Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an authorized user can write directly to the Scada directory. This may allow privilege escalation.

Affected (1)

Products: Rapidscada: Rapid Scada

Rapidscada

1 product

Rapid Scada

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Rapidscada Rapid Scada	Up to 5.8.4

Related CWEs

CWE-732

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (4)

https://rapidscada.org/contact/

Source: ics-cert@hq.dhs.gov

Product

https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

https://rapidscada.org/contact/

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.