Sign-up

ID

VAR-202402-0007


CVE

CVE-2024-21869


TITLE

Rapid SCADA  Vulnerability regarding insufficient protection of authentication information in

Trust: 0.8

sources: JVNDB: JVNDB-2024-002211

DESCRIPTION

In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the affected product stores plaintext credentials in various places. This may allow an attacker with local access to see them. Rapid SCADA There are vulnerabilities in inadequate protection of credentials.Information may be obtained

Trust: 1.71

sources: NVD: CVE-2024-21869 // JVNDB: JVNDB-2024-002211 // VULMON: CVE-2024-21869

AFFECTED PRODUCTS

vendor:rapidscadamodel:rapid scadascope:lteversion:5.8.4

Trust: 1.0

vendor:rapid scadamodel:rapid scadascope: - version: -

Trust: 0.8

vendor:rapid scadamodel:rapid scadascope:eqversion: -

Trust: 0.8

vendor:rapid scadamodel:rapid scadascope:lteversion:5.8.4 and earlier

Trust: 0.8

sources: JVNDB: JVNDB-2024-002211 // NVD: CVE-2024-21869

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2024-21869
value: MEDIUM

Trust: 1.8

ics-cert@hq.dhs.gov: CVE-2024-21869
value: MEDIUM

Trust: 1.0

NVD:
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

ics-cert@hq.dhs.gov:
baseSeverity: MEDIUM
baseScore: 6.2
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.5
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2024-21869
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2024-002211 // NVD: CVE-2024-21869 // NVD: CVE-2024-21869

PROBLEMTYPE DATA

problemtype:CWE-522

Trust: 1.0

problemtype:Inadequate protection of credentials (CWE-522) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-002211 // NVD: CVE-2024-21869

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2024-21869

EXTERNAL IDS
db:NVDid:CVE-2024-21869
Trust: 2.7
db:ICS CERTid:ICSA-24-011-03
Trust: 1.9
db:JVNid:JVNVU91020765
Trust: 0.8
db:JVNDBid:JVNDB-2024-002211
Trust: 0.8
db:VULMONid:CVE-2024-21869
Trust: 0.1
sources:
            
            
            VULMON: CVE-2024-21869 // 
            
            
            
            JVNDB: JVNDB-2024-002211 // 
            
            
            
            NVD: CVE-2024-21869

REFERENCES
url:https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03
Trust: 2.0
url:https://rapidscada.org/contact/
Trust: 1.9
url:https://jvn.jp/vu/jvnvu91020765/
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2024-21869
Trust: 0.8
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULMON: CVE-2024-21869 // 
            
            
            
            JVNDB: JVNDB-2024-002211 // 
            
            
            
            NVD: CVE-2024-21869

SOURCES
db:VULMONid:CVE-2024-21869
db:JVNDBid:JVNDB-2024-002211
db:NVDid:CVE-2024-21869

LAST UPDATE DATE
2024-02-10T22:58:23.095000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2024-21869date:2024-02-02T00:00:00
db:JVNDBid:JVNDB-2024-002211date:2024-02-09T00:59:00
db:NVDid:CVE-2024-21869date:2024-02-07T17:29:50.927

SOURCES RELEASE DATE
db:VULMONid:CVE-2024-21869date:2024-02-02T00:00:00
db:JVNDBid:JVNDB-2024-002211date:2024-02-09T00:00:00
db:NVDid:CVE-2024-21869date:2024-02-02T00:15:55.340