Lucene search

IcscertCVELIST:CVE-2024-2882

HistoryJun 27, 2024 - 6:55 p.m.

CVE-2024-2882 Missing Authorization in SDG Technologies PnPSCADA

2024-06-2718:55:42

CWE-862

icscert

www.cve.org

sdg technologies

pnpscada

missing authorization

cve-2024-2882

scada system

9.3 High

CVSS4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:N/VI:H/SI:N/VA:N/SA:N

0.0004 Low

EPSS

Percentile

9.1%

JSON

SDG Technologies PnPSCADA allows a remote attacker to attach various entities without requiring system authentication. This breach could potentially lead to unauthorized control, data manipulation, and access to sensitive information within the SCADA system.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "PnPSCADA",
    "vendor": "SDG Technologies",
    "versions": [
      {
        "lessThan": "4",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.cisa.gov/news-events/ics-advisories/icsa-24-179-02

9.3 High

CVSS4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:N/VI:H/SI:N/VA:N/SA:N

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVELIST:CVE-2024-2882