PT-2024-1444 · Unknown · Rapid Scada

Noam Moshe · Published 2024-01-11 · Updated 2024-02-07 · CVE-2024-21794

CVSS v2.0

5.5 Medium

Vector

AV:N/AC:L/Au:S/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Rapid SCADA versions prior to Version 5.8.4

Description

The issue is an open redirect caused by improper sanitization of input on the user login page. A remote attacker can exploit it to redirect users through the login page to an arbitrary URL, including malicious pages.

Recommendations

Update to Version 5.8.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the login page to minimize the risk of exploitation.

Fix

Open Redirect

Weakness Enumeration

Related Identifiers

BDU:2024-00929
CVE-2024-21794

Affected Products

Rapid Scada