PT-2024-1448 · Unknown · Rapid Scada

Noam Moshe · Published 2024-01-11 · Updated 2024-02-07 · CVE-2024-21852

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Rapid SCADA versions prior to Version 5.8.4

Description

The issue is a Zip Slip vulnerability in the unpacking routine: when files are extracted from an archive, the path name of each entry is not properly limited to the restricted target directory. An attacker can supply a malicious configuration file and achieve remote code execution; a remote attacker can execute arbitrary code by sending a specially crafted HTTP request.

Recommendations

For versions prior to Version 5.8.4, update to Version 5.8.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the unpacking routine or disabling the use of archived files until a patch is applied. Avoid using the vulnerable configuration file handling mechanism until the issue is resolved.
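
An added example (not taken from the advisory or from Rapid SCADA's code) of the check that closes a Zip Slip flaw of the kind described above: resolve every archive entry against the extraction directory and reject the whole archive if any entry would land outside it. The helper functions and member names are constructed for illustration.

```python
import io
import os
import tempfile
import zipfile


def escaping_entries(zf, dest_dir):
    """Return member names whose resolved path falls outside dest_dir."""
    root = os.path.realpath(dest_dir)
    bad = []
    for info in zf.infolist():
        # Treat backslashes as separators too; some tools write them.
        name = info.filename.replace("\\", "/")
        target = os.path.realpath(os.path.join(root, name))
        try:
            inside = os.path.commonpath([root, target]) == root
        except ValueError:  # e.g. paths on different drives on Windows
            inside = False
        if not inside:
            bad.append(info.filename)
    return bad


def safe_extract(zip_bytes, dest_dir):
    """Extract only if every member stays under dest_dir; otherwise reject."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        bad = escaping_entries(zf, dest_dir)
        if bad:
            raise ValueError(f"archive rejected, entries escape target: {bad}")
        zf.extractall(dest_dir)


def build_zip(names):
    """Constructed sample input: an in-memory archive with the given names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"sample")
    return buf.getvalue()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        safe_extract(build_zip(["Config/settings.xml"]), d)
        print(sorted(os.listdir(d)))
        try:
            safe_extract(build_zip(["Config/ok.xml", "../outside.txt"]), d)
        except ValueError as e:
            print(e)
```

Python's own `zipfile` extraction already strips `..` components and leading slashes; the explicit check models extractors that join the entry name to the destination path directly, and it rejects the archive before anything is written.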

Fix

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2024-00933
CVE-2024-21852

Affected Products

Rapid Scada