ID

VAR-202402-0009


CVE

CVE-2024-21794


TITLE

Open redirect vulnerability in Rapid SCADA

Trust: 0.8

sources: JVNDB: JVNDB-2024-002213

DESCRIPTION

In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an attacker can redirect users to malicious pages through the login page. Rapid SCADA contains an open redirect vulnerability. Information may be tampered with, and service operation may be interrupted (DoS).

Trust: 1.71

sources: NVD: CVE-2024-21794 // JVNDB: JVNDB-2024-002213 // VULMON: CVE-2024-21794

AFFECTED PRODUCTS

vendor: rapidscada, model: rapid scada, scope: lte, version: 5.8.4

Trust: 1.0

vendor: rapid scada, model: rapid scada, scope: -, version: -

Trust: 0.8

vendor: rapid scada, model: rapid scada, scope: eq, version: -

Trust: 0.8

vendor: rapid scada, model: rapid scada, scope: lte, version: 5.8.4 and earlier

Trust: 0.8

sources: JVNDB: JVNDB-2024-002213 // NVD: CVE-2024-21794

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2024-21794
value: MEDIUM

Trust: 1.8

ics-cert@hq.dhs.gov: CVE-2024-21794
value: MEDIUM

Trust: 1.0

NVD:
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.1

Trust: 2.0

NVD: CVE-2024-21794
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2024-002213 // NVD: CVE-2024-21794 // NVD: CVE-2024-21794

PROBLEMTYPE DATA

problemtype: CWE-601

Trust: 1.0

problemtype: Open redirect (CWE-601) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2024-002213 // NVD: CVE-2024-21794

CONFIGURATIONS

sources: NVD: CVE-2024-21794

EXTERNAL IDS

db: NVD, id: CVE-2024-21794

Trust: 2.7

db: ICS CERT, id: ICSA-24-011-03

Trust: 1.9

db: JVN, id: JVNVU91020765

Trust: 0.8

db: JVNDB, id: JVNDB-2024-002213

Trust: 0.8

db: VULMON, id: CVE-2024-21794

Trust: 0.1

sources: VULMON: CVE-2024-21794 // JVNDB: JVNDB-2024-002213 // NVD: CVE-2024-21794

REFERENCES

url:https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03

Trust: 2.0

url:https://rapidscada.org/contact/

Trust: 1.9

url:https://jvn.jp/vu/jvnvu91020765/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-21794

Trust: 0.8

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2024-21794 // JVNDB: JVNDB-2024-002213 // NVD: CVE-2024-21794

SOURCES

db: VULMON, id: CVE-2024-21794
db: JVNDB, id: JVNDB-2024-002213
db: NVD, id: CVE-2024-21794

LAST UPDATE DATE

2024-02-10T22:58:23.133000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2024-21794, date: 2024-02-02T00:00:00
db: JVNDB, id: JVNDB-2024-002213, date: 2024-02-09T00:59:00
db: NVD, id: CVE-2024-21794, date: 2024-02-07T17:15:44.653

SOURCES RELEASE DATE

db: VULMON, id: CVE-2024-21794, date: 2024-02-02T00:00:00
db: JVNDB, id: JVNDB-2024-002213, date: 2024-02-09T00:00:00
db: NVD, id: CVE-2024-21794, date: 2024-02-02T00:15:54.953