CISA reports critical vulnerability in SDG PnPSCADA
Take action: If you are using SDG Technologies’ PnPSCADA, check if it's properly isolated in a trusted network. Then plan a regular patching cycle.
Learn More
CISA is reporting a critical severity vulnerability in SDG Technologies’ PnPSCADA equipment. SDG Technologies' PnPSCADA is Supervisory Control and Data Acquisitio) solution for Automatic Meter Reading (AMR) and Automatic Meter Infrastructure (AMI) suitable for electricity, water, and gas metering.
The flaw is tracked as CVE-2024-2882 (CVSS vscore of 9.3) - missing authorization vulnerability. The vulnerability allows attackers to attach various entities to the system without authentication, which could lead to:
- Unauthorized control over the SCADA system.
- Manipulation of critical data.
- Unauthorized access to sensitive information.
The flaw affects PnPSCADA versions prior to version 4.
SDG Technologies advises users to upgrade to PnPSCADA version 4 to mitigate this vulnerability
