CVE-2024-2882
CVE-2024-2882
9.3
CriticalPublished:
Last updated:
Source:ics-cert@hq.dhs.gov
Deferred
Weakness (CWE)
CVSS Vector
v4.0- Attack Vector
- Network
- Attack Complexity
- Low
- Attack Requirements
- None
- Privileges Required
- None
- User Interaction
- None
- Confidentiality (Vulnerable)
- High
- Integrity (Vulnerable)
- High
- Availability (Vulnerable)
- None
- Confidentiality (Subsequent)
- None
- Integrity (Subsequent)
- None
- Availability (Subsequent)
- None
Description
SDG Technologies PnPSCADA allows a remote attacker to attach various entities without requiring system authentication. This breach could potentially lead to unauthorized control, data manipulation, and access to sensitive information within the SCADA system.
References
ics-cert@hq.dhs.gov
https://www.cisa.gov/news-events/ics-advisories/icsa-24-179-02af854a3a-2127-422b-91ae-364da2661108
https://www.cisa.gov/news-events/ics-advisories/icsa-24-179-02