CVE-2024-22096

Summary

In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an attacker can append path traversal characters to the filename when using a specific command, allowing them to read arbitrary files from the system.

Affected Software

VendorProductVersion RangeStatus
Rapid Software LLCRapid SCADA0 <= 5.8.4affected

Weaknesses

  • CWE-23: CWE-23 Relative Path Traversal

Workarounds

Rapid Software did not respond to CISA's attempts at coordination. Users of Rapid SCADA are encouraged to contact Rapid Software and keep their systems up to date.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References