PatchSiren cyber security CVE debrief
CVE-2024-5434 Campbell Scientific CVE debrief
Campbell Scientific CSI Web Server and RTMC Pro products store web authentication credentials in a file with a predictable filename, using weakly encoded passwords. The vulnerability requires local file access or prior compromise, as there is no known remote vector to retrieve the credential file unless it has been manually renamed. If an attacker obtains this file, passwords can be decoded and reused for unauthorized access.
- Vendor: Campbell Scientific
- Product: RTMC Pro
- CVSS: MEDIUM 5.7
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-05-28
- Original CVE updated: 2024-05-28
- Advisory published: 2024-05-28
- Advisory updated: 2024-05-28
Who should care
Organizations operating Campbell Scientific environmental monitoring, meteorological, or industrial data acquisition systems using CSI Web Server or RTMC Pro for remote data visualization and system management.
Technical summary
The Campbell Scientific CSI Web Server stores web authentication credentials in a file with a specific, predictable filename. Passwords within this file are encoded using a weak reversible scheme rather than modern cryptographic hashing. CISA's advisory ICSA-24-149-01 confirms there is no known remote exploitation vector; the file cannot be accessed remotely unless manually renamed. However, if an attacker gains local access, filesystem access, or obtains the file through other means, the weak encoding allows straightforward password recovery. Recovered credentials can then be reused to authenticate to the web interface. The vulnerability affects CSI Web Server versions 1.6 and earlier, and RTMC Pro versions 5.0 and earlier.
Defensive priority
medium
Recommended defensive actions
- Apply vendor patches: update CSI Web Server to the most recent 1.x patch version
- Apply vendor patches: update RTMC Pro 5 to the most recent 5.x patch version
- Apply vendor patches: update RTMC Pro 4 to the most recent 4.x patch version
- Restrict physical and logical access to the host system to prevent unauthorized file access
- Review file permissions on the credential storage file to ensure least privilege
- Monitor for unauthorized file access attempts or credential file exfiltration
- Contact Campbell Scientific for additional guidance if running unsupported versions
Evidence notes
CISA CSAF advisory ICSA-24-149-01 published 2024-05-28 identifies affected products: CSI Web Server ≤1.6 and RTMC Pro ≤5.0. The advisory confirms passwords are stored in weakly encoded format within a file having a specific filename, with no known remote access path. CVSS 3.1 score of 5.7 (MEDIUM) reflects AV:A (adjacent network), AC:L (low attack complexity), PR:L (low privileges required), and C:H (high confidentiality impact).
Official resources
- CVE-2024-5434 CVE record (CVE.org)
- CVE-2024-5434 NVD detail (NVD)
- Source item URL (cisa_csaf)
2024-05-28