Rapid Software LLC Rapid SCADA
Act Now | 9.8 | ICS-CERT ICSA-24-011-03 | Jan 11, 2024
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Rapid SCADA versions 5.8.4 and earlier contain multiple critical vulnerabilities including path traversal (CWE-22, CWE-23), insecure permissions (CWE-732), hardcoded credentials (CWE-798), and credential exposure (CWE-209, CWE-256). These allow attackers to read arbitrary files from the server, write files to execute code, steal administrator credentials, and access sensitive application internals. Social engineering attacks can also compromise operator accounts via phishing. Rapid Software has not responded to CISA coordination and no vendor patch is available.
What this means
What could happen
An attacker could read sensitive files from the RapidScada server, write files to achieve code execution, steal administrator passwords, or run commands with service-level privileges—potentially disrupting SCADA operations or allowing lateral movement into critical energy infrastructure.
Who's at risk
Energy utilities, water authorities, and other critical infrastructure operators using Rapid SCADA for supervisory control and data acquisition. This affects any organization that relies on RapidScada ≤5.8.4 for process monitoring and control.
How it could be exploited
An attacker with network access to the RapidScada server can exploit the path traversal, insecure file handling, and hardcoded/weak credential vulnerabilities to read arbitrary files, write malicious files to the Scada directory for code execution, or intercept credentials. Social engineering attacks could also trick operators into clicking phishing links, compromising their accounts and giving the attacker legitimate access.
Prerequisites
- Network access to RapidScada server port/interface
- No authentication required for some vulnerabilities (file read/write)
- Social engineering attacks require user interaction (clicking phishing links)
remotely exploitable, no authentication required for file read/write, low complexity attack, no patch available, affects safety/operational systems, hardcoded/default credentials
Exploitability
Moderate exploit probability (EPSS 1.1%)
Affected products (1)
Product: Rapid SCADA
Affected Versions: ≤ 5.8.4
Fix Status: No fix (EOL)
Remediation & Mitigation
Do now
- HARDENING: Minimize network exposure: ensure RapidScada is not accessible from the internet
- HARDENING: Place RapidScada behind firewalls and isolate it from business networks
- HARDENING: Implement network segmentation to separate control system networks from corporate networks
- HOTFIX: Contact Rapid Software to determine if patches or mitigations are available
- HARDENING: Do not click links or open attachments in unsolicited emails; train operators on email security
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HARDENING: Use VPN with multi-factor authentication for any required remote access
CVEs (7)