CVE-2024-47221

7.5 HIGH

📋 TL;DR

Rapid SCADA through version 5.8.4 contains an authentication bypass vulnerability in the CheckUser function that allows empty passwords. This enables attackers to gain unauthorized access to SCADA systems without valid credentials. Organizations using Rapid SCADA for industrial control systems are affected.

💻 Affected Systems

Products:
  • Rapid SCADA
Versions: through 5.8.4
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all installations using the vulnerable CheckUser function in MainLogic.cs

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of SCADA system allowing attackers to manipulate industrial processes, disrupt operations, or cause physical damage to equipment.

🟠

Likely Case

Unauthorized access to SCADA interface leading to data theft, system configuration changes, or disruption of monitoring capabilities.

🟢

If Mitigated

Limited impact if systems are isolated from networks and have additional authentication layers.

🌐 Internet-Facing: HIGH - Internet-facing SCADA systems are directly exploitable without authentication.
🏢 Internal Only: HIGH - Internal attackers or compromised internal systems can exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple authentication bypass requiring only knowledge of a valid username and an empty password field.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.8.5 or later

Vendor Advisory: https://github.com/RapidScada/scada/commit/b14cbdfa6cf3a205e57f2383c915365adc3859a7

Restart Required: Yes

Instructions:

1. Download Rapid SCADA 5.8.5 or later from official sources.
2. Back up the current installation.
3. Install the updated version.
4. Restart SCADA services.
5. Verify that authentication now rejects empty passwords.

🔧 Temporary Workarounds

Password Policy Enforcement (applies to: all)

Implement a password policy that requires non-empty passwords at the system level.

Network Segmentation (applies to: all)

Isolate SCADA systems from untrusted networks using firewalls.

🧯 If You Can't Patch

  • Implement multi-factor authentication for SCADA access
  • Deploy network monitoring to detect authentication attempts with empty passwords

🔍 How to Verify

Check if Vulnerable:

Attempt to authenticate with a valid username and an empty password field. If the login succeeds, the system is vulnerable.

Check Version:

Check Rapid SCADA version in application interface or configuration files

Verify Fix Applied:

Attempt authentication with an empty password; it should be rejected. Confirm the version is 5.8.5 or later.

📡 Detection & Monitoring

Log Indicators:

  • Authentication attempts with empty password fields
  • Successful logins without password verification

Network Indicators:

  • HTTP/HTTPS requests to SCADA interface with empty password parameters

SIEM Query:

source="scada_logs" AND event="authentication" AND (password="" OR password_length=0)
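As an added example (not code from the page or from the Rapid SCADA project), the same detection logic run offline over constructed log lines; the key=value log format and field names are assumptions, chosen to match the SIEM query above:

```python
import re

# Constructed sample log lines (assumed key=value format, not real Rapid SCADA output).
SAMPLE_LOGS = """\
2024-10-01T08:00:01Z event=authentication user=operator password_length=12 result=success
2024-10-01T08:00:07Z event=authentication user=admin password_length=0 result=success
2024-10-01T08:00:09Z event=authentication user=engineer password="" result=failure
2024-10-01T08:00:12Z event=heartbeat node=ctrl01
2024-10-01T08:00:15Z event=authentication user=admin password_length=9 result=failure
"""

# key=value pairs; quoted values may be empty ("").
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Split one log line into its timestamp and a dict of key=value fields."""
    ts, _, rest = line.partition(" ")
    fields = {k: v.strip('"') for k, v in KV_RE.findall(rest)}
    return ts, fields


def is_empty_password_auth(fields):
    """Mirror the SIEM query: an authentication event with an empty password."""
    if fields.get("event") != "authentication":
        return False
    return fields.get("password") == "" or fields.get("password_length") == "0"


def find_empty_password_logins(log_text):
    """Return (timestamp, user, result) for every empty-password attempt."""
    hits = []
    for line in log_text.splitlines():
        ts, fields = parse_line(line)
        if is_empty_password_auth(fields):
            hits.append((ts, fields.get("user"), fields.get("result")))
    return hits


def successful_bypasses(log_text):
    """The high-priority subset: empty password and the login still succeeded."""
    return [h for h in find_empty_password_logins(log_text) if h[2] == "success"]


if __name__ == "__main__":
    for hit in find_empty_password_logins(SAMPLE_LOGS):
        print("empty-password attempt:", hit)
    for hit in successful_bypasses(SAMPLE_LOGS):
        print("SUCCESSFUL bypass (investigate):", hit)
```

A successful empty-password login is the indicator that matters most here; failed attempts are worth alerting on too, since they show someone probing for this bug.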
