CVE-2024-2882

SDG Technologies PnPSCADA allows a remote attacker to attach various entities without requiring system authentication. This breach could potentially lead to unauthorized control, data manipulation, and access to sensitive information within the SCADA system.

CVSS

No CVSS.

References

Link	Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-24-179-02
https://www.cisa.gov/news-events/ics-advisories/icsa-24-179-02

Configurations

No configuration.

History

21 Nov 2024, 09:10

Type	Values Removed	Values Added
References	~~() https://www.cisa.gov/news-events/ics-advisories/icsa-24-179-02 -~~	() https://www.cisa.gov/news-events/ics-advisories/icsa-24-179-02 -
Summary		(es) SDG Technologies PnPSCADA permite a un atacante remoto adjuntar varias entidades sin requerir autenticación del sistema. Esta infracción podría conducir potencialmente a un control no autorizado, manipulación de datos y acceso a información confidencial dentro del sistema SCADA.

27 Jun 2024, 19:25

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-06-27 19:15

Updated : 2024-11-21 09:10

NVD link : CVE-2024-2882

Mitre link : CVE-2024-2882

CVE.ORG link : CVE-2024-2882

JSON object : View

Products Affected

No product.

CWE

CWE-862

Missing Authorization

{"id": "CVE-2024-2882", "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 9.3, "automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "NONE", "vulnerableSystemIntegrity": "HIGH", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "vulnerableSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "vulnerableSystemConfidentiality": "HIGH", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-06-27T19:15:13.667", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-179-02", "source": "ics-cert@hq.dhs.gov"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-179-02", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "SDG Technologies PnPSCADA allows a remote attacker to attach various entities without requiring system authentication. This breach could potentially lead to unauthorized control, data manipulation, and access to sensitive information within the SCADA system."}, {"lang": "es", "value": "SDG Technologies PnPSCADA permite a un atacante remoto adjuntar varias entidades sin requerir autenticaci\u00f3n del sistema. Esta infracci\u00f3n podr\u00eda conducir potencialmente a un control no autorizado, manipulaci\u00f3n de datos y acceso a informaci\u00f3n confidencial dentro del sistema SCADA."}], "lastModified": "2024-11-21T09:10:44.607", "sourceIdentifier": "ics-cert@hq.dhs.gov"}