CVE-2024-2882

CRITICAL

SDG Technologies PnPSCADA - Unauthenticated RCE

Title source: llm
STIX 2.1

Description

SDG Technologies PnPSCADA allows a remote attacker to attach various entities without requiring system authentication. This breach could potentially lead to unauthorized control, data manipulation, and access to sensitive information within the SCADA system.

References (1)

Core 1
Core References
Third Party Advisory, US Government Resource government-resource
https://www.cisa.gov/news-events/ics-advisories/icsa-24-179-02

Scores

CVSS v4 9.3
EPSS 0.0066
EPSS Percentile 46.8%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-862
Status published
Products (1)
SDG Technologies/PnPSCADA < 4
Published Jun 27, 2024
Tracked Since Feb 18, 2026