Lucene search

IcscertCVELIST:CVE-2024-21866

HistoryFeb 01, 2024 - 11:34 p.m.

CVE-2024-21866 Generation of Error Message Containing Sensitive Information in Rapid SCADA

2024-02-0123:34:06

CWE-209

icscert

www.cve.org

cve-2024-21866

generation

error message

rapid scada

rapid software llc

version 5.8.4

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

17.0%

JSON

In Rapid Software LLC’s Rapid SCADA versions prior to Version 5.8.4, the affected product responds back with an error message containing sensitive data if it receives a specific malformed request.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Rapid SCADA",
    "vendor": "Rapid Software LLC",
    "versions": [
      {
        "lessThanOrEqual": "5.8.4",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

rapidscada.org/contact/

www.cisa.gov/news-events/ics-advisories/icsa-24-011-03

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

17.0%

JSON

Related for CVELIST:CVE-2024-21866