PT-2024-8682 · Scada-Lts · Scada-Lts

Stux · Published 2024-08-17 · Updated 2024-08-20 · CVE-2024-7901

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Scada-LTS version 2.7.8

Description

A vulnerability has been found in the Message Handler component of Scada-LTS, related to the file /Scada-LTS/app.shtm#/alarms/Scada. The manipulation leads to cross-site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This issue is associated with the lack of protection measures for the web page structure, which may allow an attacker to conduct cross-site scripting attacks.

Recommendations

For Scada-LTS version 2.7.8, a fix is planned for the upcoming release at the end of September 2024. As a temporary workaround, consider restricting access to the vulnerable Message Handler component to minimize the risk of exploitation. Avoid using the affected file /Scada-LTS/app.shtm#/alarms/Scada until the issue is resolved.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2024-10284
CVE-2024-7901

Affected Products

Scada-Lts