Sign-up

ID

VAR-202402-0005


CVE

CVE-2024-22016


TITLE

Rapid SCADA  Vulnerability in improper permission assignment for critical resources in

Trust: 0.8

sources: JVNDB: JVNDB-2024-002210

DESCRIPTION

In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an authorized user can write directly to the Scada directory. This may allow privilege escalation. Rapid SCADA Contains a vulnerability in improper permission assignment for critical resources.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2024-22016 // JVNDB: JVNDB-2024-002210 // VULMON: CVE-2024-22016

AFFECTED PRODUCTS

vendor:rapidscadamodel:rapid scadascope:lteversion:5.8.4

Trust: 1.0

vendor:rapid scadamodel:rapid scadascope: - version: -

Trust: 0.8

vendor:rapid scadamodel:rapid scadascope:eqversion: -

Trust: 0.8

vendor:rapid scadamodel:rapid scadascope:lteversion:5.8.4 and earlier

Trust: 0.8

sources: JVNDB: JVNDB-2024-002210 // NVD: CVE-2024-22016

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2024-22016
value: HIGH

Trust: 1.8

ics-cert@hq.dhs.gov: CVE-2024-22016
value: HIGH

Trust: 1.0

NVD:
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2024-22016
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2024-002210 // NVD: CVE-2024-22016 // NVD: CVE-2024-22016

PROBLEMTYPE DATA

problemtype:CWE-732

Trust: 1.0

problemtype:Improper permission assignment for critical resources (CWE-732) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-002210 // NVD: CVE-2024-22016

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2024-22016

EXTERNAL IDS
db:NVDid:CVE-2024-22016
Trust: 2.7
db:ICS CERTid:ICSA-24-011-03
Trust: 1.9
db:JVNid:JVNVU91020765
Trust: 0.8
db:JVNDBid:JVNDB-2024-002210
Trust: 0.8
db:VULMONid:CVE-2024-22016
Trust: 0.1
sources:
            
            
            VULMON: CVE-2024-22016 // 
            
            
            
            JVNDB: JVNDB-2024-002210 // 
            
            
            
            NVD: CVE-2024-22016

REFERENCES
url:https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03
Trust: 2.0
url:https://rapidscada.org/contact/
Trust: 1.9
url:https://jvn.jp/vu/jvnvu91020765/
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2024-22016
Trust: 0.8
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULMON: CVE-2024-22016 // 
            
            
            
            JVNDB: JVNDB-2024-002210 // 
            
            
            
            NVD: CVE-2024-22016

SOURCES
db:VULMONid:CVE-2024-22016
db:JVNDBid:JVNDB-2024-002210
db:NVDid:CVE-2024-22016

LAST UPDATE DATE
2024-02-10T22:58:23.114000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2024-22016date:2024-02-02T00:00:00
db:JVNDBid:JVNDB-2024-002210date:2024-02-09T00:59:00
db:NVDid:CVE-2024-22016date:2024-02-07T17:33:12.727

SOURCES RELEASE DATE
db:VULMONid:CVE-2024-22016date:2024-02-02T00:00:00
db:JVNDBid:JVNDB-2024-002210date:2024-02-09T00:00:00
db:NVDid:CVE-2024-22016date:2024-02-02T00:15:55.533