ID

VAR-202402-0009


CVE

CVE-2024-21794


TITLE

Rapid SCADA  Open redirect vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2024-002213

DESCRIPTION

In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an attacker can redirect users to malicious pages through the login page. Rapid SCADA Exists in an open redirect vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2024-21794 // JVNDB: JVNDB-2024-002213 // VULMON: CVE-2024-21794

AFFECTED PRODUCTS

vendor:rapidscadamodel:rapid scadascope:lteversion:5.8.4

Trust: 1.0

vendor:rapid scadamodel:rapid scadascope: - version: -

Trust: 0.8

vendor:rapid scadamodel:rapid scadascope:eqversion: -

Trust: 0.8

vendor:rapid scadamodel:rapid scadascope:lteversion:5.8.4 and earlier

Trust: 0.8

sources: JVNDB: JVNDB-2024-002213 // NVD: CVE-2024-21794

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2024-21794
value: MEDIUM

Trust: 1.0

ics-cert@hq.dhs.gov: CVE-2024-21794
value: MEDIUM

Trust: 1.0

NVD: CVE-2024-21794
value: MEDIUM

Trust: 0.8

nvd@nist.gov: CVE-2024-21794
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.1

Trust: 2.0

NVD: CVE-2024-21794
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2024-002213 // NVD: CVE-2024-21794 // NVD: CVE-2024-21794

PROBLEMTYPE DATA

problemtype:CWE-601

Trust: 1.0

problemtype:Open redirect (CWE-601) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-002213 // NVD: CVE-2024-21794

EXTERNAL IDS

db:NVDid:CVE-2024-21794

Trust: 2.7

db:ICS CERTid:ICSA-24-011-03

Trust: 1.9

db:JVNid:JVNVU91020765

Trust: 0.8

db:JVNDBid:JVNDB-2024-002213

Trust: 0.8

db:VULMONid:CVE-2024-21794

Trust: 0.1

sources: VULMON: CVE-2024-21794 // JVNDB: JVNDB-2024-002213 // NVD: CVE-2024-21794

REFERENCES

url:https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03

Trust: 2.0

url:https://rapidscada.org/contact/

Trust: 1.9

url:https://jvn.jp/vu/jvnvu91020765/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-21794

Trust: 0.8

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2024-21794 // JVNDB: JVNDB-2024-002213 // NVD: CVE-2024-21794

SOURCES

db:VULMONid:CVE-2024-21794
db:JVNDBid:JVNDB-2024-002213
db:NVDid:CVE-2024-21794

LAST UPDATE DATE

2024-08-14T13:19:27.912000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2024-21794date:2024-02-02T00:00:00
db:JVNDBid:JVNDB-2024-002213date:2024-02-09T00:59:00
db:NVDid:CVE-2024-21794date:2024-02-07T17:15:44.653

SOURCES RELEASE DATE

db:VULMONid:CVE-2024-21794date:2024-02-02T00:00:00
db:JVNDBid:JVNDB-2024-002213date:2024-02-09T00:00:00
db:NVDid:CVE-2024-21794date:2024-02-02T00:15:54.953