← Back to home
ICSA-18-298-01  ·  Published 2018-10-25  ·  View on CISA ICS-CERT ↗

GEOVAP Reliance 4 SCADA/HMI

CVSS 6.1 MEDIUM

Risk Summary

Successful exploitation of this vulnerability could allow an unauthenticated attacker to use HTTP proxy to inject arbitrary Javascript in a specially crafted HTTP request that may reflect it back in the HTTP response.

CVEs (1)

Remediations

  • GEOVAP released Version 4.8.0, which mitigates the vulnerability. GEOVAP strongly recommends users upgrade existing projects to this version.
  • GEOVAP also recommends users switch the application to HTTPS to prevent the manipulation of HTTP messages in an HTTP proxy. Changing to HTTPS should help even if Version 4.7.3 Update 3 and prior are still used.

Affected Vendors

GEOVAP

Affected Products (1)

GEOVAP · Reliance SCADA <=4.7.3 Update 3

Affected Sectors

Critical Manufacturing, Energy, Transportation Systems, and Water and Wastewater Systems

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more