Last week, the US cybersecurity agency CISA issued a crucial advisory regarding seven vulnerabilities detected by Claroty researchers in Rapid SCADA, a widely used system for developing monitoring and control solutions in industrial settings, including industrial automation, IIoT systems, energy accounting, and process control systems.
Overview of Vulnerabilities
Exploiting these vulnerabilities could allow attackers to:
- Read sensitive files
- Remotely execute arbitrary code
- Gain access through phishing attacks
- Escalate privileges
- Obtain administrator passwords
- Access sensitive data about the application’s internal code
According to CISA, these vulnerabilities pose a severe risk, with one classified as ‘critical’ and two as ‘high severity.’ Although the developers were notified in early July 2023, they have not yet released patches, leaving industrial systems exposed.
Efforts by CISA and Claroty to contact Rapid SCADA developers have been unsuccessful.
Noam Moshe, a vulnerability researcher at Claroty, emphasized the widespread use of Rapid SCADA in various operational technology (OT) fields. The system is a popular choice for small and medium-sized companies because it is free and open source, and its vulnerabilities could have serious consequences.
Remote Code Execution and Internet Accessibility
Moshe highlighted that unauthenticated attackers can exploit certain vulnerabilities for remote code execution. Additionally, there are instances of Rapid SCADA directly accessible from the internet, posing a significant risk to organizations. Moshe said, “The vulnerabilities we discovered enable attackers to achieve remote code execution on Rapid SCADA Servers, meaning attackers could fully control these servers. After a successful exploit, the attackers could alter the behavior of services controlled by the Rapid SCADA server, move laterally inside the victim’s networks, etc.”