
CVE-2024-21869: CWE-256 Plaintext Storage of a Password in Rapid Software LLC Rapid SCADA

Severity: Medium
Published: Thu Feb 01 2024 (02/01/2024, 23:31:31 UTC)
Source: CVE
Vendor/Project: Rapid Software LLC
Product: Rapid SCADA

Description

In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the affected product stores plaintext credentials in various places. This may allow an attacker with local access to see them.

AI-Powered Analysis

Last updated: 07/04/2025, 18:27:57 UTC

Technical Analysis

CVE-2024-21869 is a vulnerability identified in Rapid Software LLC's Rapid SCADA product versions prior to 5.8.4. The core issue is the storage of plaintext passwords within the system, classified under CWE-256 (Plaintext Storage of a Password). This vulnerability allows an attacker with local access to the affected system to retrieve sensitive credentials directly from storage without needing to bypass encryption or hashing mechanisms. The vulnerability has a CVSS 3.1 base score of 6.2, indicating a medium severity level. The vector metrics specify that the attack requires local access (AV:L), has low complexity (AC:L), does not require privileges (PR:N), nor user interaction (UI:N), and impacts confidentiality (C:H) without affecting integrity or availability. The scope is unchanged (S:U), meaning the vulnerability affects only the vulnerable component. Since the credentials are stored in plaintext, any adversary who gains local access—whether through physical presence, compromised accounts, or lateral movement—can extract these passwords, potentially escalating privileges or moving laterally within the network. Although no known exploits are currently reported in the wild, the vulnerability poses a significant risk in environments where local access controls are weak or where attackers have already penetrated the perimeter defenses. The lack of encryption or secure storage mechanisms for credentials violates best practices for industrial control systems (ICS) security and increases the risk of credential theft and subsequent unauthorized access.

Potential Impact

For European organizations, especially those operating critical infrastructure or industrial control systems, this vulnerability could lead to unauthorized access to SCADA systems, which are often integral to managing utilities, manufacturing, and energy sectors. The exposure of plaintext passwords could facilitate lateral movement by attackers within networks, potentially leading to data breaches, operational disruption, or sabotage. Given that Rapid SCADA is used in various industrial environments, the confidentiality breach could undermine trust in system integrity and safety. The vulnerability does not directly impact system availability or integrity, but the compromise of credentials can indirectly enable attacks that do. European organizations with less stringent local access controls or those relying heavily on Rapid SCADA for operational technology (OT) management are at higher risk. Additionally, regulatory frameworks such as the NIS Directive and GDPR emphasize the protection of critical infrastructure and personal data, so exploitation of this vulnerability could also lead to compliance issues and financial penalties.

Mitigation Recommendations

Organizations should immediately upgrade Rapid SCADA installations to version 5.8.4 or later, where this vulnerability is addressed. Until patching is possible, it is critical to enforce strict local access controls to prevent unauthorized physical or logical access to SCADA systems. Implementing network segmentation to isolate SCADA systems from general IT networks can reduce exposure. Employing host-based security measures such as disk encryption and endpoint detection and response (EDR) tools can help detect and prevent unauthorized access attempts. Additionally, organizations should audit and rotate all credentials stored in Rapid SCADA to mitigate any potential compromise. Monitoring for unusual access patterns and conducting regular security assessments of OT environments will further reduce risk. Finally, educating staff about the importance of physical security and access controls in OT environments is essential to prevent exploitation of this vulnerability.


Technical Details

Data Version: 5.1
Assigner Short Name: icscert
Date Reserved: 2024-01-05T21:39:05.431Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682cd0fa1484d88663aec2dd

Added to database: 5/20/2025, 6:59:06 PM

Last enriched: 7/4/2025, 6:27:57 PM

Last updated: 7/29/2025, 6:45:38 PM
