5.4
CVE-2024-21794
- EPSS 0.32%
- Veröffentlicht 02.02.2024 00:15:54
- Zuletzt bearbeitet 21.11.2024 08:55:00
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginOpen Redirect in Rapid SCADA
In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an attacker can redirect users to malicious pages through the login page.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Rapidscada ≫ Rapid Scada Version <= 5.8.4
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.32% | 0.23 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.4 | 2.3 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:L
|
| ics-cert@hq.dhs.gov | 5.4 | 2.3 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:L
|
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
https://rapidscada.org/contact/
https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03