Note: This project will be discontinued after December 13, 2021.
Product: Rapid_scada (Rapidscada)

Repositories: Unknown: This might be proprietary software.
#Vulnerabilities: 11

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2020-08-14 | CVE-2020-22722 | Rapid Software LLC Rapid SCADA 5.8.0 is affected by a local privilege escalation vulnerability in the ScadaAgentSvc.exe executable file. An attacker can obtain admin privileges by placing a malicious .exe file in the application and renaming it ScadaAgentSvc.exe, which would result in executing the binary as NT AUTHORITY\SYSTEM in a Windows operating system. For example, an attacker can plant a reverse shell from a low privileged user account and by restarting the computer, the malicious... | Rapid_scada | 7.8 | ||
2022-12-07 | CVE-2022-44153 | Rapid Software LLC Rapid SCADA 5.8.4 is vulnerable to Cross Site Scripting (XSS). | Rapid_scada | 6.1 | ||
2024-02-01 | CVE-2024-21852 | In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an attacker can supply a malicious configuration file by utilizing a Zip Slip vulnerability in the unpacking routine to achieve remote code execution. | Rapid_scada | 8.8 | ||
2024-02-02 | CVE-2024-22096 | In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an attacker can append path traversal characters to the filename when using a specific command, allowing them to read arbitrary files from the system. | Rapid_scada | 6.5 | ||
2024-02-02 | CVE-2024-21866 | In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the affected product responds back with an error message containing sensitive data if it receives a specific malformed request. | Rapid_scada | 5.3 | ||
2024-02-02 | CVE-2024-21869 | In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the affected product stores plaintext credentials in various places. This may allow an attacker with local access to see them. | Rapid_scada | 5.5 | ||
2024-02-02 | CVE-2024-21794 | In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an attacker can redirect users to malicious pages through the login page. | Rapid_scada | 5.4 | ||
2024-02-02 | CVE-2024-21764 | In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the product uses hard-coded credentials, which may allow an attacker to connect to a specific port. | Rapid_scada | 9.8 | ||
2024-02-02 | CVE-2024-22016 | In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an authorized user can write directly to the Scada directory. This may allow privilege escalation. | Rapid_scada | 7.8 | ||
2024-09-22 | CVE-2024-47221 | CheckUser in ScadaServerEngine/MainLogic.cs in Rapid SCADA through 5.8.4 allows an empty password. | Rapid_scada | 7.5 | ||