Lucene search

[email protected]CVE-2024-2882

HistoryJun 27, 2024 - 7:15 p.m.

CVE-2024-2882

2024-06-2719:15:13

CWE-862

[email protected]

web.nvd.nist.gov

sdg technologies

pnpscada

remote attacker

unauthorized control

risk

scada system

9.3 High

CVSS4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:N/VI:H/SI:N/VA:N/SA:N

6.2 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

SDG Technologies PnPSCADA allows a remote attacker to attach various entities without requiring system authentication. This breach could potentially lead to unauthorized control, data manipulation, and access to sensitive information within the SCADA system.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "PnPSCADA",
    "vendor": "SDG Technologies",
    "versions": [
      {
        "lessThan": "4",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.cisa.gov/news-events/ics-advisories/icsa-24-179-02

9.3 High

CVSS4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:N/VI:H/SI:N/VA:N/SA:N

6.2 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2024-2882

ics1 nvd1 cvelist1