Geovap released a software update to mitigate a cross-site scripting vulnerability in its Reliance SCADA product, according to a report from ICS-CERT.
Reliance SCADA, a software management platform, suffers from the remotely exploitable issue in Version 4.7.3 Update 2 and prior. Can Demirel discovered the issue.
No known public exploits specifically target this vulnerability. However, an attacker with a low skill level could leverage the vulnerability.
The cross-site scripting vulnerability could allow an unauthenticated attacker to inject arbitrary code.
CVE-2017-16721 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 6.1.
The product sees use mainly in the critical manufacturing, energy, transportation systems, and water and wastewater systems sectors. It is also used on a global basis.
To mitigate the vulnerability, Czech Republic-based Geovap released Version 4.7.3 Update 3 of the software.