OTPulse

SDG Technologies PnPSCADA

Act Now · CVSS 9.1 · ICS-CERT ICSA-24-179-02 · Jun 27, 2024
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

PnPSCADA versions prior to 4 contain an authentication bypass vulnerability (CWE-862) that allows an attacker to attach to the system without credentials and perform unauthorized actions. Successful exploitation could enable unauthorized control of connected SCADA devices, data manipulation, and access to sensitive system information. The vulnerability requires network access to the PnPSCADA application but no authentication or user interaction.

What this means
What could happen
An attacker could bypass authentication and attach to the PnPSCADA system to execute unauthorized control commands, modify system data, or steal sensitive configuration information from your SCADA infrastructure.
Who's at risk
Energy utilities operating SDG Technologies PnPSCADA systems version 3 and earlier should prioritize this issue. Any organization using PnPSCADA for supervisory control of generation, transmission, or distribution equipment is at risk of operational disruption through unauthorized command injection.
How it could be exploited
An attacker on the network sends requests to PnPSCADA without credentials to attach to the system. Once attached, they can issue commands or read data directly from the SCADA database, potentially altering setpoints, disabling sensors, or disrupting normal operation of connected energy equipment.
Prerequisites
  • Network access to PnPSCADA application (default port unspecified in advisory)
  • PnPSCADA version earlier than 4 running in the environment
remotely exploitable · no authentication required · low complexity · high CVSS (9.1) · affects energy critical infrastructure
Exploitability
Low exploit probability (EPSS 0.6%)
Affected products (1)
Product | Affected Versions | Fix Status
PnPSCADA: <4 | <4 | 4
Remediation & Mitigation
Do now
HARDENING: Isolate PnPSCADA system and all connected control networks from business networks and the internet using firewalls and network segmentation
WORKAROUND: Implement network access control lists to restrict which devices and personnel can connect to PnPSCADA; disable unauthenticated access if any authentication mechanism exists
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade PnPSCADA to version 4 or later
Long-term hardening
HARDENING: If remote access to PnPSCADA is required, use a VPN with current security updates and strong credentials; limit VPN access to named accounts only