ID

VAR-202402-0007


CVE

CVE-2024-21869


TITLE

Rapid SCADA  Vulnerability regarding insufficient protection of authentication information in

Trust: 0.8

sources: JVNDB: JVNDB-2024-002211

DESCRIPTION

In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the affected product stores plaintext credentials in various places. This may allow an attacker with local access to see them. Rapid SCADA There are vulnerabilities in inadequate protection of credentials.Information may be obtained

Trust: 1.71

sources: NVD: CVE-2024-21869 // JVNDB: JVNDB-2024-002211 // VULMON: CVE-2024-21869

AFFECTED PRODUCTS

vendor:rapidscadamodel:rapid scadascope:lteversion:5.8.4

Trust: 1.0

vendor:rapid scadamodel:rapid scadascope: - version: -

Trust: 0.8

vendor:rapid scadamodel:rapid scadascope:eqversion: -

Trust: 0.8

vendor:rapid scadamodel:rapid scadascope:lteversion:5.8.4 and earlier

Trust: 0.8

sources: JVNDB: JVNDB-2024-002211 // NVD: CVE-2024-21869

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2024-21869
value: MEDIUM

Trust: 1.0

ics-cert@hq.dhs.gov: CVE-2024-21869
value: MEDIUM

Trust: 1.0

NVD: CVE-2024-21869
value: MEDIUM

Trust: 0.8

nvd@nist.gov: CVE-2024-21869
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

ics-cert@hq.dhs.gov: CVE-2024-21869
baseSeverity: MEDIUM
baseScore: 6.2
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.5
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2024-21869
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2024-002211 // NVD: CVE-2024-21869 // NVD: CVE-2024-21869

PROBLEMTYPE DATA

problemtype:CWE-522

Trust: 1.0

problemtype:CWE-256

Trust: 1.0

problemtype:Inadequate protection of credentials (CWE-522) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-002211 // NVD: CVE-2024-21869

EXTERNAL IDS

db:NVDid:CVE-2024-21869

Trust: 2.7

db:ICS CERTid:ICSA-24-011-03

Trust: 1.9

db:JVNid:JVNVU91020765

Trust: 0.8

db:JVNDBid:JVNDB-2024-002211

Trust: 0.8

db:VULMONid:CVE-2024-21869

Trust: 0.1

sources: VULMON: CVE-2024-21869 // JVNDB: JVNDB-2024-002211 // NVD: CVE-2024-21869

REFERENCES

url:https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03

Trust: 2.0

url:https://rapidscada.org/contact/

Trust: 1.9

url:https://jvn.jp/vu/jvnvu91020765/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-21869

Trust: 0.8

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2024-21869 // JVNDB: JVNDB-2024-002211 // NVD: CVE-2024-21869

SOURCES

db:VULMONid:CVE-2024-21869
db:JVNDBid:JVNDB-2024-002211
db:NVDid:CVE-2024-21869

LAST UPDATE DATE

2024-08-14T13:19:27.696000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2024-21869date:2024-02-02T00:00:00
db:JVNDBid:JVNDB-2024-002211date:2024-02-09T00:59:00
db:NVDid:CVE-2024-21869date:2024-02-07T17:29:50.927

SOURCES RELEASE DATE

db:VULMONid:CVE-2024-21869date:2024-02-02T00:00:00
db:JVNDBid:JVNDB-2024-002211date:2024-02-09T00:00:00
db:NVDid:CVE-2024-21869date:2024-02-02T00:15:55.340