"Unpatched Rapid SCADA Vulnerabilities Expose Industrial Organizations to Attacks"
According to CISA, the Rapid SCADA open source industrial automation platform is affected by several vulnerabilities that could allow hackers to gain access to sensitive industrial systems, but the flaws remain unpatched. Rapid SCADA is advertised as ideal for industrial automation and IIoT systems, energy accounting systems, and process control systems. According to CISA, the product is affected by seven types of vulnerabilities that can be used to read sensitive files, remotely execute arbitrary code, gain access to sensitive systems through phishing attacks, escalate privileges, obtain administrator passwords, and access sensitive data about the application's internal code. One of the flaws has been classified as "critical" and two as "high severity," but developers have yet to release patches, despite being notified in early July 2023.