PT-2024-1446 · Unknown · Rapid Scada

Noam Moshe · Published 2024-01-11 · Updated 2024-02-07 · CVE-2024-21866

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Rapid SCADA versions prior to 5.8.4

Description

The issue is related to shortcomings in the error reporting mechanism of the SCADA system. It allows a remote attacker to gain unauthorized access to protected information by sending a specially crafted request. If the system receives a specific malformed request, it responds with an error message containing sensitive data.

Recommendations

For versions prior to 5.8.4, update to version 5.8.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the error reporting mechanism to minimize the risk of exploitation. Avoid using the affected product's error handling functionality until the issue is resolved.

Fix

Weakness Enumeration

Generation of Error Message Containing Sensitive Information

Related Identifiers

BDU:2024-00931
CVE-2024-21866

Affected Products

Rapid Scada