ID

VAR-202402-0005


CVE

CVE-2024-22016


TITLE

Rapid SCADA vulnerability in improper permission assignment for critical resources

Trust: 0.8

sources: JVNDB: JVNDB-2024-002210

DESCRIPTION

In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an authorized user can write directly to the Scada directory. This may allow privilege escalation. Rapid SCADA contains a vulnerability in improper permission assignment for critical resources. Information may be obtained or tampered with, and service operation may be interrupted (DoS).

Trust: 1.71

sources: NVD: CVE-2024-22016 // JVNDB: JVNDB-2024-002210 // VULMON: CVE-2024-22016

AFFECTED PRODUCTS

vendor: rapidscada, model: rapid scada, scope: lte, version: 5.8.4

Trust: 1.0

vendor: rapid scada, model: rapid scada, scope: -, version: -

Trust: 0.8

vendor: rapid scada, model: rapid scada, scope: eq, version: -

Trust: 0.8

vendor: rapid scada, model: rapid scada, scope: lte, version: 5.8.4 and earlier

Trust: 0.8

sources: JVNDB: JVNDB-2024-002210 // NVD: CVE-2024-22016

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2024-22016
value: HIGH

Trust: 1.0

ics-cert@hq.dhs.gov: CVE-2024-22016
value: HIGH

Trust: 1.0

NVD: CVE-2024-22016
value: HIGH

Trust: 0.8

nvd@nist.gov: CVE-2024-22016
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2024-22016
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2024-002210 // NVD: CVE-2024-22016 // NVD: CVE-2024-22016

PROBLEMTYPE DATA

problemtype:CWE-732

Trust: 1.0

problemtype: Improper permission assignment for critical resources (CWE-732) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2024-002210 // NVD: CVE-2024-22016

EXTERNAL IDS

db: NVD, id: CVE-2024-22016

Trust: 2.7

db: ICS CERT, id: ICSA-24-011-03

Trust: 1.9

db: JVN, id: JVNVU91020765

Trust: 0.8

db: JVNDB, id: JVNDB-2024-002210

Trust: 0.8

db: VULMON, id: CVE-2024-22016

Trust: 0.1

sources: VULMON: CVE-2024-22016 // JVNDB: JVNDB-2024-002210 // NVD: CVE-2024-22016

REFERENCES

url:https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03

Trust: 2.0

url:https://rapidscada.org/contact/

Trust: 1.9

url:https://jvn.jp/vu/jvnvu91020765/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-22016

Trust: 0.8

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2024-22016 // JVNDB: JVNDB-2024-002210 // NVD: CVE-2024-22016

SOURCES

db: VULMON, id: CVE-2024-22016
db: JVNDB, id: JVNDB-2024-002210
db: NVD, id: CVE-2024-22016

LAST UPDATE DATE

2024-08-14T13:19:27.656000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2024-22016, date: 2024-02-02T00:00:00
db: JVNDB, id: JVNDB-2024-002210, date: 2024-02-09T00:59:00
db: NVD, id: CVE-2024-22016, date: 2024-02-07T17:33:12.727

SOURCES RELEASE DATE

db: VULMON, id: CVE-2024-22016, date: 2024-02-02T00:00:00
db: JVNDB, id: JVNDB-2024-002210, date: 2024-02-09T00:00:00
db: NVD, id: CVE-2024-22016, date: 2024-02-02T00:15:55.533