CVE-2024-5433 Campbell Scientific CVE debrief

Who should care

Organizations operating Campbell Scientific data acquisition systems in industrial, environmental, or research environments; OT security teams managing remote monitoring infrastructure; asset owners with publicly accessible CSI Web Server deployments.

Technical summary

The CSI Web Server implements a command to retrieve the most recent file matching a specified expression. Insufficient input validation on this expression parameter allows path traversal sequences to bypass directory restrictions. Combined with default anonymous unauthenticated access, this enables remote attackers to read arbitrary files on the underlying system. The vulnerability is network-accessible with low attack complexity and requires no privileges or user interaction.

Defensive priority

medium

Recommended defensive actions

• Apply vendor patches: update CSI Web Server to the most recent 1.x patch; for RTMC Pro 5 update to the most recent 5.x patch; for RTMC Pro 4 update to the most recent 4.x patch
• Contact Campbell Scientific for additional guidance if patching is not immediately feasible
• Review and restrict anonymous access configurations on CSI Web Server deployments
• Monitor access logs for unusual file retrieval patterns or traversal attempts
• Implement network segmentation to limit exposure of ICS web servers to untrusted networks
• Apply CISA ICS recommended practices for defense-in-depth security
• resourceLinkAnnotations: [source-item, ref-4, ref-6, ref-7, ref-8]

Evidence notes

CISA CSAF advisory ICSA-24-149-01 published 2024-05-28 identifies path traversal via crafted expression in file retrieval command. Anonymous unauthenticated access enabled by default. Affected products: CSI Web Server ≤1.6, RTMC Pro ≤5.0. CVSS 3.1 score 5.3 (MEDIUM).

Official resources