CVE-2024-21866 MEDIUM

CVE-2024-21866: Generation of Error Message Containing Sensitive Information in Rapid SCADA

Vendor Rapid Software Llc
Product Rapid SCADA
Weakness CWE-209 · Error message info leak
Published February 1, 2024
Last update June 17, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the affected product responds back with an error message containing sensitive data if it receives a specific malformed request.

Key dates

02Disclosure timeline

February 1, 2024 CVE published
June 17, 2025 Record updated