January 18, 2024 at 11:12AM
The Rapid SCADA open source industrial automation platform has seven unpatched vulnerabilities, including critical and high severity ones, allowing hackers to access sensitive industrial systems, execute arbitrary code, and compromise administrator passwords. The developers have not responded to notifications or requests for comment, leaving organizations vulnerable to potential attacks.
Based on the meeting notes, the key takeaways are:
– Rapid SCADA, an open source industrial automation platform, is currently vulnerable to several critical and high severity vulnerabilities.
– These vulnerabilities could potentially allow hackers to gain unauthorized access to sensitive industrial systems and execute remote code.
– The developers of Rapid SCADA have been notified about these vulnerabilities but have not released patches or responded to attempts to contact them by CISA, Claroty, and SecurityWeek.
– Noam Moshe, a vulnerability researcher at Claroty, highlighted that the vulnerabilities discovered could enable attackers to achieve remote code execution and gain full control over the affected servers.
– The vulnerabilities pose a significant risk, especially as there are Rapid SCADA instances directly accessible from the internet, leaving organizations vulnerable to potential attacks.
It is evident from the meeting notes that the unpatched vulnerabilities in Rapid SCADA present a significant risk to industrial systems and organizations, and it is crucial to prioritize addressing these issues promptly.