MegaSys Computer Technologies’ Telenium Online Web Application, used in SCADA systems, has a critical vulnerability allowing unauthorized remote access. The flaw stems from improper input validation in the login page’s Perl script, enabling attackers to inject arbitrary code. This issue, tracked as CVE-2024-6404, has a CVSS v4 severity score of 9.3, reflecting its high potential impact on system confidentiality, integrity, and availability.
Affected versions include Telenium Online Web Application versions 8.3 and prior. Exploitation could lead to remote code execution, allowing attackers to access sensitive data or manipulate control system configurations. Given the application’s use in critical infrastructure sectors like information technology and communications, prompt remediation is essential.
MegaSys has released patches for versions 7.4.72 and 8.3.36 of the affected application. Users unable to upgrade should disable the web-based interface to mitigate the risk. Additionally, applying network security measures, such as using firewalls and VPNs, can reduce potential exposure to the vulnerability.
CISA emphasizes the need for proper impact assessments and proactive cybersecurity strategies. Organizations are advised to limit network exposure, use secure remote access solutions, and follow recommended best practices. No known public exploitation has been reported, but continued vigilance is crucial to safeguarding critical systems from potential attacks.
Reference:
