CVE-2024-22096

In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an attacker can append path traversal characters to the filename when using a specific command, allowing them to read arbitrary files from the system.
References
Link Resource
https://rapidscada.org/contact/ Product
https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

cpe:2.3:a:rapidscada:rapid_scada:*:*:*:*:*:*:*:*

History

07 Feb 2024, 17:33

Type Values Removed Values Added
CPE cpe:2.3:a:rapidscada:rapid_scada:*:*:*:*:*:*:*:*
CWE CWE-22
References () https://rapidscada.org/contact/ - () https://rapidscada.org/contact/ - Product
References () https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03 - () https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03 - Third Party Advisory, US Government Resource
First Time Rapidscada
Rapidscada rapid Scada

02 Feb 2024, 01:57

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-02 00:15

Updated : 2024-02-07 17:33


NVD link : CVE-2024-22096

Mitre link : CVE-2024-22096

CVE.ORG link : CVE-2024-22096


JSON object : View

Products Affected

rapidscada

  • rapid_scada
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-23

Relative Path Traversal