CVE-2024-21869

Plaintext Storage of a Password in Rapid SCADA

CVSS 6.2 MEDIUMEPSS 0.2%CWE-256

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 6.2EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

01 Feb 2024Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the affected product stores plaintext credentials in various places. This may allow an attacker with local access to see them.

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Rapid Software LLC · Rapid SCADA

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://rapidscada.org/contact/https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03