ICSA-24-011-03 · Published 2024-01-11 · View on CISA ICS-CERT ↗

Rapid Software LLC Rapid SCADA

CVSS 9.8 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could result in an attacker reading sensitive files from the RapidScada server, writing files to the Scada directory (thus achieving code execution,) gaining access to sensitive systems via legitimate-seeming phishing attacks, connecting to the server and perfoming attacks using the high privileges of a service, obtaining administrator passwords, learning sensitive information about the internal code of the application, or achieving remote code execution.

CVEs (7)

CVE-2024-21852 CVE-2024-22096 CVE-2024-22016 CVE-2024-21794 CVE-2024-21764 CVE-2024-21869 CVE-2024-21866

Remediations

Rapid Software did not respond to CISA's attempts at coordination. Users of RapidSCADA are encouraged to contact Rapid Software and keep their systems up to date.

Affected Vendors

Rapid Software LLC

Affected Products (1)

Rapid Software LLC · Rapid SCADA <=5.8.4

Affected Sectors

Energy, Transportation Systems

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more