Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

Unpatched Rapid SCADA Vulnerabilities Expose Industrial Organizations to Attacks

Seven vulnerabilities found in Rapid SCADA could be exploited to gain access to sensitive industrial systems, but they remain unpatched.

Rapid SCADA vulnerabilities

The Rapid SCADA open source industrial automation platform is affected by several vulnerabilities that could allow hackers to gain access to sensitive industrial systems, but the flaws remain unpatched.

The US cybersecurity agency CISA published an advisory last week to inform industrial organizations about seven vulnerabilities discovered by Claroty researchers in Rapid SCADA. 

Rapid SCADA is advertised as ideal for developing monitoring and control systems, particularly industrial automation and IIoT systems, energy accounting systems, and process control systems. 

The product is affected by seven types of vulnerabilities that, according to CISA’s advisory, can be used to read sensitive files, remotely execute arbitrary code, gain access to sensitive systems through phishing attacks, escalate privileges, obtain administrator passwords, and access sensitive data about the application’s internal code.

One of the flaws has been classified as ‘critical’ and two as ‘high severity’, but developers have yet to release patches, despite being notified in early July 2023. 

CISA and Claroty said their attempts to get in contact with Rapid SCADA developers have failed. The developers have also not responded to SecurityWeek’s request for comment.

Noam Moshe, vulnerability researcher at Claroty, told SecurityWeek that Rapid SCADA is implemented in many different fields in the modern operational technology (OT) ecosystem, being a good option for small and medium-size companies due to it being free and open source. 

Moshe pointed out that some of the vulnerabilities can be exploited by an unauthenticated attacker for remote code execution and there are a few dozen Rapid SCADA instances that are directly accessible from the internet, leaving organizations vulnerable to attacks.

Advertisement. Scroll to continue reading.

“The vulnerabilities we discovered enable attackers to achieve remote code execution on Rapid SCADA Servers, meaning attackers could fully control these servers,” the researcher explained. “After a successful exploit, the attackers could alter the behavior of services controlled by the Rapid SCADA server, move laterally inside the victim’s networks, etc.”

Related: Teltonika Vulnerabilities Could Expose Thousands of Industrial Organizations to Remote Attacks

Related: Counting ICS Vulnerabilities: Examining Variations in Numbers Reported by Security Firms

Related: Bosch Nutrunner Vulnerabilities Could Aid Hacker Attacks Against Automotive Production Lines

Related: Unpatched Vulnerabilities Expose Yifan Industrial Routers to Attacks

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn about active threats targeting common cloud deployments and what security teams can do to mitigate them.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.