Multiple High-Risk Security Vulnerabilities Found in Rapid SCADA Open Source Industrial Automation Platform

Rapid Software LLC's industrial automation platform, Rapid SCADA, has been found to be susceptible to multiple critical vulnerabilities, posing significant risks of remote code execution, unauthorized access and privilege escalation. The Cybersecurity and Infrastructure Security Agency (CISA) has issued a bulletin detailing the potential vulnerabilities and urging immediate action.

Overview

Rapid SCADA is an open source industrial automation and process control system widely used for data acquisition and monitoring of industrial equipment. It is used in industrial automation, IIoT systems and other fields to control a variety of industrial equipment, including electric power systems, water treatment systems, manufacturing systems and more.

Vulnerability details

In July 2023, the United States cybersecurity agency CISA issued an advisory notifying Claroty researchers of seven vulnerabilities in Rapid SCADA: path traversal, relative path traversal, local elevation of privilege, open redirection, use of hard-coded credentials, plaintext storage of passwords, and the generation of error messages containing sensitive information. If exploited, an attacker could destroy sensitive data, remotely execute code, perform phishing attacks, obtain administrator credentials, and access internal code information.

  1. Improper limitation of a pathname to a restricted directory ("path traversal"):
  2. Relative path traversal:
    • CVE-2024-22096 (CVSS v3: 6.5)
    • Allows an attacker to read arbitrary files from the system.
  3. Local elevation of privilege through incorrect permission assignment for a critical resource:
    • CVE-2024-22016 (CVSS v3: 7.8)
    • Any authenticated user can write directly to the Scada directory, facilitating privilege escalation.
  4. URL redirection to an untrusted site ("open redirection"):
    • CVE-2024-21794 (CVSS v3: 5.4)
    • May allow open redirects via the login page to redirect users to malicious web pages.
  5. Use of hard-coded credentials:
    • CVE-2024-21764 (CVSS v3: 9.8)
    • The product uses hard-coded credentials, allowing unauthorized access.
  6. Plaintext storage of passwords:
    • CVE-2024-21869 (CVSS v3: 6.2)
    • Storing plaintext credentials in a different location runs the risk of exposing them to an attacker with local access.
  7. Generation of error messages containing sensitive information:
    • CVE-2024-21866 (CVSS v3: 5.3)
    • Responds with an error message containing sensitive data when a request with a specific format error is received.

These vulnerabilities can be exploited to attack sensitive industrial systems, including:

Read sensitive files: An attacker can read sensitive files in Rapid SCADA, such as configuration files and credentials files.
Remote code execution: An attacker can remotely execute arbitrary code to compromise a Rapid SCADA system.
Access to sensitive systems through phishing attacks: An attacker can use a phishing attack to obtain the credentials of Rapid SCADA users and gain access to sensitive systems.
Elevation of privileges: An attacker can elevate their privileges to gain greater control over the Rapid SCADA system.
Get the administrator password: An attacker can obtain the password of a Rapid SCADA administrator and gain full control of the Rapid SCADA system.
Access to sensitive data related to the application's internal code: An attacker can access sensitive data related to the internal code of the Rapid SCADA application, such as source code and keys.

One of the vulnerabilities is classified as critical and two are classified as high severity. Rapid SCADA developers were notified of the vulnerabilities in July 2023, but no patch has been released as of this date.

Research findings

According to Claroty researcher Noam Moshe, these vulnerabilities in Rapid SCADA are due to errors in the software development process. These vulnerabilities can be exploited to attack the Rapid SCADA system, resulting in system crashes, data breaches or other security issues.

Rapid SCADA is favored in the OT space due to its free and open source nature. However, the security of open source software is usually poor, so organizations need to strengthen the security management of open source software.

Security recommendations

CISA recommends that organizations take the following steps to address the Rapid SCADA vulnerabilities:

  • Immediately check whether any Rapid SCADA instance can be accessed directly from the Internet. If so, take immediate steps to block external access.
  • Implement additional layers of security, such as firewalls or VPNs, to limit external access.
  • Monitor for suspicious activity using Intrusion Detection System (IDS) and Security Information and Event Management (SIEM) tools.
  • Prepare an emergency response plan in case the vulnerabilities are exploited.
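The monitoring recommendation can be prototyped over web access logs. The following is an added example, not code from CISA, Claroty or the Rapid SCADA project: it flags requests carrying relative path traversal sequences (including double-encoded ones) and login requests whose parameter points off-site, the two request-visible classes in the list above. The log format, the `/Login` and `/files/get` paths and the `returnUrl` parameter name are assumptions, and the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample access-log lines (not real traffic). The paths and the
# "returnUrl" parameter name are assumptions, not taken from Rapid SCADA.
SAMPLE_LOG = [
    '10.0.0.5 "GET /Login?returnUrl=%2FView%2FMain HTTP/1.1" 200',
    '10.0.0.9 "GET /Login?returnUrl=https%3A%2F%2Fportal.example.net%2Fsso HTTP/1.1" 302',
    '10.0.0.7 "GET /files/get?name=..%252f..%252fconfig.xml HTTP/1.1" 200',
    '10.0.0.5 "GET /files/get?name=report.pdf HTTP/1.1" 200',
    '10.0.0.8 "GET /Login?returnUrl=%2F%2Fportal.example.net HTTP/1.1" 302',
]

REQUEST_RE = re.compile(r'^(\S+) "(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})$')
TRAVERSAL_RE = re.compile(r'(^|/)\.\.(/|$)')  # ".." as a whole path segment

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded sequences are exposed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line, login_path="/login"):
    """Return the list of finding labels for one access-log line."""
    m = REQUEST_RE.match(line)
    if not m:
        return ["unparsed"]
    target = urlsplit(m.group(2))
    findings = []
    for _name, raw in parse_qsl(target.query, keep_blank_values=True):
        # parse_qsl decodes once; decode further and normalise backslashes.
        value = fully_decode(raw).replace("\\", "/")
        if TRAVERSAL_RE.search(value):
            findings.append("relative-path-traversal")
        # Absolute or scheme-relative URL handed to the login page.
        if target.path.lower() == login_path and (
                urlsplit(value).scheme or value.startswith("//")):
            findings.append("offsite-redirect-on-login")
    return findings

def scan(lines):
    """Map line index -> findings, for lines with at least one finding."""
    return {i: f for i, line in enumerate(lines) if (f := classify(line))}
```

In a SIEM the same two conditions become rules on the decoded query string; a local redirect such as `/View/Main` and an ordinary file name stay unflagged.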

Conclusion

The Rapid SCADA vulnerabilities are a reminder of the security risks associated with open source automation platforms in related industries. Relevant organizations should take immediate steps to identify potential vulnerabilities and take urgent action to protect their critical infrastructure from potential cyberattacks.

Original article. Author: 首席安全官 (Chief Security Officer). If reproduced, please cite the source: https://cncso.com/en/multiple-high-risk-security-vulnerabilities-in-rapid-scada.html
