Campbell Scientific CSI Web Server
Severity score: 5.7
ICS-CERT ICSA-24-149-01, May 28, 2024
- Attack vector: Adjacent
- Auth required: Low
- Complexity: Low
- User interaction: None needed
Summary
Campbell Scientific CSI Web Server and RTMC Pro contain two vulnerabilities (CWE-22: Path Traversal, CWE-261: Weak Password Storage) that allow an authenticated attacker with local or adjacent network access to download arbitrary files and decode stored passwords from the application.
What this means
What could happen
An attacker with network access to the web interface and valid credentials could download sensitive files and recover plaintext passwords, potentially compromising connected data acquisition systems and SCADA networks.
Who's at risk
Organizations operating Campbell Scientific data acquisition systems that use CSI Web Server or RTMC Pro for remote monitoring and configuration. This affects utilities, environmental monitoring stations, water treatment facilities, and research institutions that rely on these platforms for real-time sensor data and system control.
How it could be exploited
An attacker with valid login credentials to the CSI Web Server or RTMC Pro web interface could use path traversal to access files outside the intended directory, then use weak password storage mechanisms to decode credentials for connected sensors or systems.
Prerequisites
- Valid user credentials for CSI Web Server or RTMC Pro web interface
- Network access to the CSI Web Server or RTMC Pro web application (HTTP/HTTPS port, typically adjacent network)
- CSI Web Server version 1.6 or earlier, or RTMC Pro version 5.0 or earlier
- Requires valid credentials (reduces immediate risk)
- Adjacent network access required (must be on same network segment or have routing access)
- Low complexity exploitation
- Credential compromise enables lateral movement to connected SCADA/ICS devices
- No patch available for affected versions
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (2), both EOL

Product                              Affected versions   Fix status
Campbell Scientific CSI Web Server   <= 1.6              No fix (EOL)
RTMC Pro                             <= 5.0              No fix (EOL)
Remediation & Mitigation

Do now
[WORKAROUND] Restrict network access to CSI Web Server and RTMC Pro web interfaces using firewall rules; allow only authorized engineering workstations

Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
[HOTFIX] Update CSI Web Server to the most recent 1.x patch version
[HOTFIX] Update RTMC Pro 5 to the most recent 5.x patch version
[HOTFIX] Update RTMC Pro 4 to the most recent 4.x patch version

Mitigations - no patch available
The following products have reached End of Life with no planned fix: Campbell Scientific CSI Web Server <= 1.6, RTMC Pro <= 5.0. Apply the following compensating controls:
[HARDENING] Isolate the data acquisition and SCADA network from the business network using network segmentation
[HARDENING] If remote access to CSI Web Server or RTMC Pro is required, use a VPN with strong authentication
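Because the affected versions will not receive a fix, operators are left with network controls and monitoring. The script below is an added example, not part of the advisory and not Campbell Scientific code: it scans HTTP access-log lines for the path-traversal pattern described above (CWE-22), decoding percent-encoding twice and treating backslashes as separators so that encoded or double-encoded `..` segments are not missed, then rates a request "high" when the normalized path climbs out of the web root and "medium" when a `..` segment is present but stays inside it. It assumes the web server (or a reverse proxy in front of it) writes Common Log Format access logs; the log lines, addresses, user names and paths are constructed for the example.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines in Common Log Format (assumption: the
# web server or a proxy in front of it logs in this format). Addresses,
# users and paths are made up for the example.
SAMPLE_LOG = """\
10.0.5.21 - operator [28/May/2024:10:01:12 +0000] "GET /index.html HTTP/1.1" 200 5120
10.0.5.21 - operator [28/May/2024:10:01:40 +0000] "GET /data/../../../etc/passwd HTTP/1.1" 200 1834
10.0.5.33 - viewer [28/May/2024:10:02:05 +0000] "GET /data/%2e%2e%2f%2e%2e%2fconfig.ini HTTP/1.1" 200 920
10.0.5.33 - viewer [28/May/2024:10:02:30 +0000] "GET /data/station1/latest.csv HTTP/1.1" 200 340
10.0.5.21 - operator [28/May/2024:10:03:00 +0000] "GET /data/..%255c..%255cpasswords.txt HTTP/1.1" 200 210
10.0.5.40 - viewer [28/May/2024:10:03:10 +0000] "GET /data/./station2/latest.csv HTTP/1.1" 200 330
10.0.5.40 - viewer [28/May/2024:10:03:25 +0000] "GET /data/../index.html HTTP/1.1" 200 5120
"""

# Common Log Format: client ident user [timestamp] "METHOD path PROTO" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d+)'
)


def decode_path(raw_path):
    """Percent-decode twice (catches double encoding such as %255c -> %5c -> \\),
    treat backslashes as path separators, and drop any query string."""
    decoded = unquote(unquote(raw_path))
    return decoded.replace("\\", "/").split("?", 1)[0]


def normalize_path(raw_path):
    """Collapse '.' and '..' segments the way a file server would.

    Returns (normalized, has_dotdot, escapes_root): has_dotdot is True if any
    '..' segment was present after decoding; escapes_root is True if a '..'
    tried to climb above the URL root, i.e. outside the served directory."""
    segments, has_dotdot, escapes_root = [], False, False
    for seg in decode_path(raw_path).split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            has_dotdot = True
            if segments:
                segments.pop()
            else:
                escapes_root = True
            continue
        segments.append(seg)
    return "/" + "/".join(segments), has_dotdot, escapes_root


def scan_access_log(text):
    """Return one finding per request whose path contains a '..' segment after
    decoding. Severity is 'high' when the path climbs out of the web root,
    'medium' when it stays inside (still worth review: browsers normalize
    such paths away, so a client sending them is hand-crafting requests)."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in Common Log Format
        normalized, has_dotdot, escapes_root = normalize_path(m["path"])
        if not has_dotdot:
            continue
        findings.append({
            "ip": m["ip"],
            "user": m["user"],
            "timestamp": m["ts"],
            "raw_path": m["path"],
            "normalized": normalized,
            "status": int(m["status"]),
            "severity": "high" if escapes_root else "medium",
        })
    return findings


if __name__ == "__main__":
    for f in scan_access_log(SAMPLE_LOG):
        print(f"{f['severity']:6} {f['ip']:10} {f['user']:9} "
              f"{f['raw_path']} -> {f['normalized']} (HTTP {f['status']})")
```

Run against real logs, the "user" field matters as much as the path: the advisory's attacker already holds valid credentials, so a flagged request from a legitimate account is the signal to rotate that account's password and the credentials of any sensors or systems reachable from the host, since CWE-261 means stored passwords recovered through the traversal are decodable.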
CVEs (2)