CVE-2024-22016 - Vulnerability Details - OpenCVE

Description

In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an authorized user can write directly to the Scada directory. This may allow privilege escalation.

Published: 2024-02-01

Score: 7.8 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Rapid Software LLC

Rapid SCADA

unaffected

Version	Status	Constraints
`0`	affected	≤ 5.8.4

Configuration 1 [-]

cpe:2.3:a:rapidscada:rapid_scada:*:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

Vendor Workaround

Rapid Software did not respond to CISA's attempts at coordination. Users of Rapid SCADA are encouraged to contact Rapid Software and keep their systems up to date.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2024-19622	In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an authorized user can write directly to the Scada directory. This may allow privilege escalation.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00159.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://rapidscada.org/contact/
https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03

History

Fri, 08 Nov 2024 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Subscriptions

Rapidscada Rapid Scada

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2024-02-01T23:19:59.311Z

Updated: 2024-11-08T15:43:45.266Z

Reserved: 2024-01-05T21:39:05.415Z

Link: CVE-2024-22016

Vulnrichment

Updated: 2024-08-01T22:35:34.626Z

NVD

Status : Modified

Published: 2024-02-02T00:15:55.533

Modified: 2026-06-17T07:10:32.707

Link: CVE-2024-22016

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-732
Incorrect Permission Assignment for Critical Resource

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-22016", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2024-01-05T21:39:05.415Z", "datePublished": "2024-02-01T23:19:59.311Z", "dateUpdated": "2024-11-08T15:43:45.266Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Rapid SCADA", "vendor": "Rapid Software LLC", "versions": [{"lessThanOrEqual": "5.8.4", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Noam Moshe of Claroty Research reported these vulnerabilities to CISA."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "In Rapid Software LLC's Rapid SCADA versions prior to <span style=\"background-color: rgb(255, 255, 255);\">Version 5.8.4, an authorized user can <span style=\"background-color: rgb(255, 255, 255);\"><span style=\"background-color: rgb(255, 255, 255);\">write directly to the Scada directory. This may allow privilege escalation.</span></span></span><br>"}], "value": "In Rapid Software LLC's Rapid SCADA versions prior to\u00a0Version 5.8.4,\u00a0an authorized user can write directly to the Scada directory. This may allow privilege escalation.\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-732", "description": "CWE-732 Incorrect Permission Assignment for Critical Resource", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2024-02-01T23:19:59.311Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03"}, {"url": "https://rapidscada.org/contact/"}], "source": {"discovery": "EXTERNAL"}, "title": "Incorrect Permission Assignment for Critical Resource in Rapid SCADA", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\nRapid Software did not respond to CISA's attempts at coordination. Users\n of Rapid SCADA are encouraged to contact Rapid Software and keep their \nsystems up to date.\n\n<br>"}], "value": "Rapid Software did not respond to CISA's attempts at coordination. Users\n of Rapid SCADA are encouraged to contact Rapid Software and keep their \nsystems up to date.\n\n\n"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:35:34.626Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03", "tags": ["x_transferred"]}, {"url": "https://rapidscada.org/contact/", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-02-06T05:00:22.270470Z", "id": "CVE-2024-22016", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-08T15:43:45.266Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03", "tags": ["x_transferred"]}, {"url": "https://rapidscada.org/contact/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:35:34.626Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-22016", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-02-06T05:00:22.270470Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-08T15:43:40.464Z"}}], "cna": {"title": "Incorrect Permission Assignment for Critical Resource in Rapid SCADA", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Noam Moshe of Claroty Research reported these vulnerabilities to CISA."}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Rapid Software LLC", "product": "Rapid SCADA", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "5.8.4"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03"}, {"url": "https://rapidscada.org/contact/"}], "workarounds": [{"lang": "en", "value": "Rapid Software did not respond to CISA's attempts at coordination. Users\n of Rapid SCADA are encouraged to contact Rapid Software and keep their \nsystems up to date.\n\n\n", "supportingMedia": [{"type": "text/html", "value": "\nRapid Software did not respond to CISA's attempts at coordination. Users\n of Rapid SCADA are encouraged to contact Rapid Software and keep their \nsystems up to date.\n\n<br>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "In Rapid Software LLC's Rapid SCADA versions prior to\u00a0Version 5.8.4,\u00a0an authorized user can write directly to the Scada directory. This may allow privilege escalation.\n", "supportingMedia": [{"type": "text/html", "value": "In Rapid Software LLC's Rapid SCADA versions prior to <span style=\"background-color: rgb(255, 255, 255);\">Version 5.8.4, an authorized user can <span style=\"background-color: rgb(255, 255, 255);\"><span style=\"background-color: rgb(255, 255, 255);\">write directly to the Scada directory. This may allow privilege escalation.</span></span></span><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-732", "description": "CWE-732 Incorrect Permission Assignment for Critical Resource"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2024-02-01T23:19:59.311Z"}}}, "cveMetadata": {"cveId": "CVE-2024-22016", "state": "PUBLISHED", "dateUpdated": "2024-11-08T15:43:45.266Z", "dateReserved": "2024-01-05T21:39:05.415Z", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "datePublished": "2024-02-01T23:19:59.311Z", "assignerShortName": "icscert"}, "dataVersion": "5.1"}

{"affected": [{"affectedData": [{"defaultStatus": "unaffected", "product": "Rapid SCADA", "vendor": "Rapid Software LLC", "versions": [{"lessThanOrEqual": "5.8.4", "status": "affected", "version": "0", "versionType": "custom"}]}], "source": "ics-cert@hq.dhs.gov"}], "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rapidscada:rapid_scada:*:*:*:*:*:*:*:*", "matchCriteriaId": "280A83B5-F3B4-4BA0-A112-A5FC00D74091", "versionEndIncluding": "5.8.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Rapid Software LLC's Rapid SCADA versions prior to\u00a0Version 5.8.4,\u00a0an authorized user can write directly to the Scada directory. This may allow privilege escalation.\n"}, {"lang": "es", "value": "En las versiones Rapid SCADA de Rapid Software LLC anterior a la versi\u00f3n 5.8.4, un usuario autorizado puede escribir directamente en el directorio Scada. Esto puede permitir una escalada de privilegios."}], "id": "CVE-2024-22016", "lastModified": "2026-06-17T07:10:32.707", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2024-22016", "options": [{"exploitation": "none"}, {"automatable": "no"}, {"technicalImpact": "total"}], "role": "CISA Coordinator", "timestamp": "2024-02-06T05:00:22.270470Z", "version": "2.0.3"}}]}, "published": "2024-02-02T00:15:55.533", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Product"], "url": "https://rapidscada.org/contact/"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://rapidscada.org/contact/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-732"}], "source": "nvd@nist.gov", "type": "Primary"}]}