Vulnerabilites related to hitachienergy - microscada_pro_sys600
CVE-2024-4872 (GCVE-0-2024-4872)
Vulnerability from cvelistv5
Published
2024-08-27 12:37
Modified
2025-04-11 14:01
Severity ?
9.9 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
VLAI Severity ?
EPSS score ?
CWE
- CWE-943 - Improper Neutralization of Special Elements in Data Query Logic
Summary
A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. If exploited this could allow an authenticated attacker to inject code towards persistent data. Note that to successfully exploit this vulnerability
an attacker must have a valid credential.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Hitachi Energy | MicroSCADA X SYS600 |
Version: 10.0 < Patch: 10.3 vulnerability patch 2025_01 Patch: 10.4 vulnerability patch 2025_01 Patch: 10.5 vulnerability patch 2025_01 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hitachienergy:microscada_sys600:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "microscada_sys600",
"vendor": "hitachienergy",
"versions": [
{
"lessThanOrEqual": "10.5",
"status": "affected",
"version": "10.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4872",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-27T13:40:43.456014Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-27T13:46:49.222Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MicroSCADA X SYS600",
"vendor": "Hitachi Energy",
"versions": [
{
"lessThanOrEqual": "10.5",
"status": "affected",
"version": "10.0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "10.3 vulnerability patch 2025_01",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "10.4 vulnerability patch 2025_01",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "10.5 vulnerability patch 2025_01",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MicroSCADA Pro SYS600",
"vendor": "Hitachi Energy",
"versions": [
{
"lessThanOrEqual": "9.4 FP2 HF5",
"status": "affected",
"version": "9.4 FP2 HF1",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. If exploited this could allow an authenticated attacker to inject code towards persistent data. Note that to successfully exploit this vulnerability\nan attacker must have a valid credential.\n\n\u003cbr\u003e"
}
],
"value": "A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. If exploited this could allow an authenticated attacker to inject code towards persistent data. Note that to successfully exploit this vulnerability\nan attacker must have a valid credential."
}
],
"impacts": [
{
"capecId": "CAPEC-248",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-248 Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "MicroSCADA X SYS600"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "MicroSCADA Pro SYS600"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-943",
"description": "CWE-943 Improper Neutralization of Special Elements in Data Query Logic",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-11T14:01:46.020Z",
"orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"shortName": "Hitachi Energy"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000160\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"assignerShortName": "Hitachi Energy",
"cveId": "CVE-2024-4872",
"datePublished": "2024-08-27T12:37:28.958Z",
"dateReserved": "2024-05-14T14:41:23.177Z",
"dateUpdated": "2025-04-11T14:01:46.020Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5620 (GCVE-0-2019-5620)
Vulnerability from cvelistv5
Published
2020-04-29 22:15
Modified
2024-09-17 03:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-306 - Missing Authentication for Critical Function
Summary
ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ABB | MicroSCADA Pro SYS600 |
Version: 9.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:01:51.913Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.rapid7.com/db/modules/exploit/windows/scada/abb_wserver_exec"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MicroSCADA Pro SYS600",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "9.3"
}
]
}
],
"datePublic": "2013-04-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function."
}
],
"exploits": [
{
"lang": "en",
"value": "https://www.rapid7.com/db/modules/exploit/windows/scada/abb_wserver_exec"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306: Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-29T22:15:27",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.rapid7.com/db/modules/exploit/windows/scada/abb_wserver_exec"
}
],
"title": "ABB MicroSCADA Pro SYS600 Missing Authentication for Critical Function",
"x_generator": {
"engine": "Tod\u0027s Junk Converter 0.0.2"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2013-04-05T00:00:00.000Z",
"ID": "CVE-2019-5620",
"STATE": "PUBLIC",
"TITLE": "ABB MicroSCADA Pro SYS600 Missing Authentication for Critical Function"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MicroSCADA Pro SYS600",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "",
"version_value": "9.3"
}
]
}
}
]
},
"vendor_name": "ABB"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function."
}
]
},
"exploit": [
{
"lang": "en",
"value": "https://www.rapid7.com/db/modules/exploit/windows/scada/abb_wserver_exec"
}
],
"generator": {
"engine": "Tod\u0027s Junk Converter 0.0.2"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306: Missing Authentication for Critical Function"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.rapid7.com/db/modules/exploit/windows/scada/abb_wserver_exec",
"refsource": "MISC",
"url": "https://www.rapid7.com/db/modules/exploit/windows/scada/abb_wserver_exec"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2019-5620",
"datePublished": "2020-04-29T22:15:27.966812Z",
"dateReserved": "2019-01-07T00:00:00",
"dateUpdated": "2024-09-17T03:28:34.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3980 (GCVE-0-2024-3980)
Vulnerability from cvelistv5
Published
2024-08-27 12:42
Modified
2024-10-29 13:35
Severity ?
9.9 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names
that are used in filesystem operations. If exploited the vulnerability allows the attacker to access or modify system files or
other files that are critical to the application.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Hitachi Energy | MicroSCADA X SYS600 |
Version: 10.0 < |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hitachienergy:microscada_sys600:10.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "microscada_sys600",
"vendor": "hitachienergy",
"versions": [
{
"lessThanOrEqual": "10.5",
"status": "affected",
"version": "10.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3980",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-28T14:10:05.924302Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T14:15:23.862Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MicroSCADA X SYS600",
"vendor": "Hitachi Energy",
"versions": [
{
"lessThanOrEqual": "10.5",
"status": "affected",
"version": "10.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MicroSCADA Pro SYS600",
"vendor": "Hitachi Energy",
"versions": [
{
"lessThanOrEqual": "9.4 FP2 HF5",
"status": "affected",
"version": "9.4 FP2 HF1",
"versionType": "custom"
},
{
"status": "affected",
"version": "9.4 FP1",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names\nthat are used in filesystem operations. If exploited the vulnerability allows the attacker to access or modify system files or\nother files that are critical to the application."
}
],
"value": "The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names\nthat are used in filesystem operations. If exploited the vulnerability allows the attacker to access or modify system files or\nother files that are critical to the application."
}
],
"impacts": [
{
"capecId": "CAPEC-38",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-38 Leveraging/Manipulating Configuration File Search Paths"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "MicroSCADA X SYS600"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "MicroSCADA Pro SYS600"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T13:35:30.374Z",
"orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"shortName": "Hitachi Energy"
},
"references": [
{
"url": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000160\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"assignerShortName": "Hitachi Energy",
"cveId": "CVE-2024-3980",
"datePublished": "2024-08-27T12:42:41.124Z",
"dateReserved": "2024-04-19T12:45:24.793Z",
"dateUpdated": "2024-10-29T13:35:30.374Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3388 (GCVE-0-2022-3388)
Vulnerability from cvelistv5
Published
2022-11-21 00:00
Modified
2025-07-23 20:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA
Pro and MicroSCADA X SYS600. An authenticated user can launch an administrator level remote code execution irrespective of the authenticated user's role.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Hitachi Energy | MicroSCADA Pro SYS600 |
Version: 9.0 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:07:06.515Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000123\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026elqaid=4293\u0026elqat=1",
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000123\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026elqaid=4293\u0026elqat=1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MicroSCADA Pro SYS600",
"vendor": "Hitachi Energy",
"versions": [
{
"status": "affected",
"version": "9.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MicroSCADA X SYS600",
"vendor": "Hitachi Energy",
"versions": [
{
"status": "affected",
"version": "10.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA\nPro and MicroSCADA X SYS600. An authenticated user can launch an administrator level remote code execution irrespective of the authenticated user\u0027s role."
}
],
"value": "An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA\nPro and MicroSCADA X SYS600. An authenticated user can launch an administrator level remote code execution irrespective of the authenticated user\u0027s role."
}
],
"impacts": [
{
"capecId": "CAPEC-23",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-23 File Content Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-19T04:28:13.552Z",
"orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"shortName": "Hitachi Energy"
},
"references": [
{
"name": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000123\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026elqaid=4293\u0026elqat=1",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000123\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026elqaid=4293\u0026elqat=1"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "For SYS600 9.x: update to at SYS600 version SYS600 9.4 FP2\u0026nbsp;Hotfix 5 when it is released or upgrade to at least SYS600 version 10.4.1.\u003cbr\u003e\n\nA requirement to install SYS600 9.4 FP2 Hotfix 5 is to have at least\nthe SYS600 9.4 FP2 Hotfix 4 installed.\u003cbr\u003e\u003cbr\u003e \n\nCPE:\u0026nbsp;\u003cbr\u003ecpe:2.3:a:hitachienergy:microscada_pro_sys600:9.0:*:*:*:*:*:*:*\u003cbr\u003e\n\ncpe:2.3:a:hitachienergy:microscada_pro_sys600:9.1:*:*:*:*:*:*:*\n\n\u003cbr\u003e\n\ncpe:2.3:a:hitachienergy:microscada_pro_sys600:9.2:*:*:*:*:*:*:*\n\n\u003cbr\u003e\n\ncpe:2.3:a:hitachienergy:microscada_pro_sys600:9.3:*:*:*:*:*:*:*\n\n\u003cbr\u003e\n\ncpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:*:*:*:*:*:*:*\n\n\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "For SYS600 9.x: update to at SYS600 version SYS600 9.4 FP2\u00a0Hotfix 5 when it is released or upgrade to at least SYS600 version 10.4.1.\n\n\nA requirement to install SYS600 9.4 FP2 Hotfix 5 is to have at least\nthe SYS600 9.4 FP2 Hotfix 4 installed.\n\n \n\nCPE:\u00a0\ncpe:2.3:a:hitachienergy:microscada_pro_sys600:9.0:*:*:*:*:*:*:*\n\n\ncpe:2.3:a:hitachienergy:microscada_pro_sys600:9.1:*:*:*:*:*:*:*\n\n\n\n\ncpe:2.3:a:hitachienergy:microscada_pro_sys600:9.2:*:*:*:*:*:*:*\n\n\n\n\ncpe:2.3:a:hitachienergy:microscada_pro_sys600:9.3:*:*:*:*:*:*:*\n\n\n\n\ncpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:*:*:*:*:*:*:*"
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "For SYS600 10.x update to at least SYS600 version 10.4.1\nOr apply general mitigation factors.\u003cbr\u003e\u003cbr\u003e\n\n\nCPE:\u0026nbsp;\u003cbr\u003ecpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:*\u003cbr\u003ecpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:*\u003cbr\u003ecpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:*\u003cbr\u003ecpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:*\u003cbr\u003ecpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:*\u003cbr\u003ecpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:*\u003cbr\u003ecpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*\u003cbr\u003ecpe:2.3:a:hitachienergy:microscada_x_sys600:10.4:*:*:*:*:*:*:*\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "For SYS600 10.x update to at least SYS600 version 10.4.1\nOr apply general mitigation factors.\n\n\n\n\nCPE:\u00a0\ncpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:*\ncpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:*\ncpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:*\ncpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:*\ncpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:*\ncpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:*\ncpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*\ncpe:2.3:a:hitachienergy:microscada_x_sys600:10.4:*:*:*:*:*:*:*"
}
],
"source": {
"advisory": "8DBD000123",
"discovery": "INTERNAL"
},
"title": "Input Validation Vulnerability in Hitachi Energy\u2019s MicroSCADA Pro/X SYS600 Products",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Recommended security practices and firewall configurations can help protect a process control network from\nattacks that originate from outside the network. Such practices include that process control systems are physically protected from direct access by unauthorized personnel, have no direct connections to the Internet, and\nare separated from other networks by means of a firewall system that has a minimal number of ports exposed,\nand others that have to be evaluated case by case. Process control systems should not be used for Internet\nsurfing, instant messaging, or receiving e-mails. Portable computers and removable storage media should be\u0026nbsp;carefully scanned for viruses before they are connected to a control system. Proper password policies and processes should be followed.\nWe recommend following the cybersecurity deployment guideline as follows: 1MRK511518 MicroSCADA X\nCyber Security Deployment Guideline.\n\n\u003cbr\u003e"
}
],
"value": "Recommended security practices and firewall configurations can help protect a process control network from\nattacks that originate from outside the network. Such practices include that process control systems are physically protected from direct access by unauthorized personnel, have no direct connections to the Internet, and\nare separated from other networks by means of a firewall system that has a minimal number of ports exposed,\nand others that have to be evaluated case by case. Process control systems should not be used for Internet\nsurfing, instant messaging, or receiving e-mails. Portable computers and removable storage media should be\u00a0carefully scanned for viruses before they are connected to a control system. Proper password policies and processes should be followed.\nWe recommend following the cybersecurity deployment guideline as follows: 1MRK511518 MicroSCADA X\nCyber Security Deployment Guideline."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
"assignerShortName": "Hitachi Energy",
"cveId": "CVE-2022-3388",
"datePublished": "2022-11-21T00:00:00.000Z",
"dateReserved": "2022-09-30T00:00:00.000Z",
"dateUpdated": "2025-07-23T20:45:00.000Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2024-08-27 13:15
Modified
2024-10-30 15:31
Severity ?
9.9 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. If exploited this could allow an authenticated attacker to inject code towards persistent data. Note that to successfully exploit this vulnerability
an attacker must have a valid credential.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hitachienergy | microscada_pro_sys600 | 9.4 | |
| hitachienergy | microscada_pro_sys600 | 9.4 | |
| hitachienergy | microscada_pro_sys600 | 9.4 | |
| hitachienergy | microscada_pro_sys600 | 9.4 | |
| hitachienergy | microscada_pro_sys600 | 9.4 | |
| hitachienergy | microscada_x_sys600 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:fixpack_2_hf1:*:*:*:*:*:*",
"matchCriteriaId": "0B90ED6E-68E4-4C14-B275-F44BAC1B9C5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:fixpack_2_hf2:*:*:*:*:*:*",
"matchCriteriaId": "196E08EA-807C-4B7B-981A-96D106AC328B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:fixpack_2_hf3:*:*:*:*:*:*",
"matchCriteriaId": "680FAE83-9D7A-4AD9-AFBE-480FD105ADC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:fixpack_2_hf4:*:*:*:*:*:*",
"matchCriteriaId": "014C8428-8F88-4C3D-B9B1-87DE26867471",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:fixpack_2_hf5:*:*:*:*:*:*",
"matchCriteriaId": "06AFA271-0785-4526-B7DA-FA00672CC5B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hitachienergy:microscada_x_sys600:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AEAAFA90-ACFF-47E2-A23D-728912D74B99",
"versionEndExcluding": "10.6",
"versionStartIncluding": "10.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. If exploited this could allow an authenticated attacker to inject code towards persistent data. Note that to successfully exploit this vulnerability\nan attacker must have a valid credential."
},
{
"lang": "es",
"value": "El producto no valida ninguna consulta sobre datos persistentes, lo que genera riesgo de ataques de inyecci\u00f3n."
}
],
"id": "CVE-2024-4872",
"lastModified": "2024-10-30T15:31:41.743",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0,
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-27T13:15:05.890",
"references": [
{
"source": "cybersecurity@hitachienergy.com",
"tags": [
"Vendor Advisory"
],
"url": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000160\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"sourceIdentifier": "cybersecurity@hitachienergy.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-943"
}
],
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-11-21 19:15
Modified
2025-07-23 21:15
Severity ?
8.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA
Pro and MicroSCADA X SYS600. An authenticated user can launch an administrator level remote code execution irrespective of the authenticated user's role.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hitachienergy | microscada_pro_sys600 | 9.0 | |
| hitachienergy | microscada_pro_sys600 | 9.1 | |
| hitachienergy | microscada_pro_sys600 | 9.2 | |
| hitachienergy | microscada_pro_sys600 | 9.3 | |
| hitachienergy | microscada_pro_sys600 | 9.4 | |
| hitachienergy | microscada_x_sys600 | 10 | |
| hitachienergy | microscada_x_sys600 | 10.1 | |
| hitachienergy | microscada_x_sys600 | 10.1.1 | |
| hitachienergy | microscada_x_sys600 | 10.2 | |
| hitachienergy | microscada_x_sys600 | 10.2.1 | |
| hitachienergy | microscada_x_sys600 | 10.3 | |
| hitachienergy | microscada_x_sys600 | 10.3.1 | |
| hitachienergy | microscada_x_sys600 | 10.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "04AC7D20-659E-4844-A5A1-5B995FDB1B44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0A63E12C-E39C-420F-AEA2-377A60E03A28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FCD469ED-619F-4075-923A-8D6E15245831",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0577CAD7-1C5C-40D6-B20B-56F532642583",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "ECDCF4E1-FCCC-4984-AE92-3C188B469E63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:*",
"matchCriteriaId": "606A7937-B800-4862-9B38-91E10BD54184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "572594C5-7BDF-4555-954E-59AC83373E0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E9F9C6EE-D049-42E7-8843-9C732DCB1E49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2D603FC1-851F-49DD-931C-E74F142F6281",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8617D0B8-0516-4CA2-9CFA-B9B65D8E125F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EC293ABD-343C-4DE1-BE14-E3033DE094AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "571AF4DB-6A32-49CF-B8E9-8224A084BE35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hitachienergy:microscada_x_sys600:10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9E8462B2-9E02-414C-96DA-98C812089F56",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA\nPro and MicroSCADA X SYS600. An authenticated user can launch an administrator level remote code execution irrespective of the authenticated user\u0027s role."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de validaci\u00f3n de entrada en la interfaz Monitor Pro de MicroSCADA Pro y MicroSCADA X SYS600. Un usuario autenticado puede iniciar una ejecuci\u00f3n remota de c\u00f3digo a nivel de administrador, independientemente de su rol."
}
],
"id": "CVE-2022-3388",
"lastModified": "2025-07-23T21:15:25.387",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0,
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-11-21T19:15:13.353",
"references": [
{
"source": "cybersecurity@hitachienergy.com",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000123\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026elqaid=4293\u0026elqat=1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000123\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch\u0026elqaid=4293\u0026elqat=1"
}
],
"sourceIdentifier": "cybersecurity@hitachienergy.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-29 23:15
Modified
2024-11-21 04:45
Severity ?
Summary
ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@rapid7.com | https://www.rapid7.com/db/modules/exploit/windows/scada/abb_wserver_exec | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.rapid7.com/db/modules/exploit/windows/scada/abb_wserver_exec | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hitachienergy | microscada_pro_sys600 | 9.3 | |
| microsoft | windows_7 | - | |
| microsoft | windows_xp | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0577CAD7-1C5C-40D6-B20B-56F532642583",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*",
"matchCriteriaId": "C9392D35-7BF5-48E9-879B-BBDE9A9E9AB9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function."
},
{
"lang": "es",
"value": "ABB MicroSCADA Pro SYS600 versi\u00f3n 9.3, sufre de una instancia CWE-306: Falta de Autenticaci\u00f3n para una Funci\u00f3n Cr\u00edtica."
}
],
"id": "CVE-2019-5620",
"lastModified": "2024-11-21T04:45:15.187",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-29T23:15:13.033",
"references": [
{
"source": "cve@rapid7.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.rapid7.com/db/modules/exploit/windows/scada/abb_wserver_exec"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.rapid7.com/db/modules/exploit/windows/scada/abb_wserver_exec"
}
],
"sourceIdentifier": "cve@rapid7.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "cve@rapid7.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-27 13:15
Modified
2024-10-30 15:33
Severity ?
9.9 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names
that are used in filesystem operations. If exploited the vulnerability allows the attacker to access or modify system files or
other files that are critical to the application.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hitachienergy | microscada_pro_sys600 | 9.4 | |
| hitachienergy | microscada_pro_sys600 | 9.4 | |
| hitachienergy | microscada_pro_sys600 | 9.4 | |
| hitachienergy | microscada_pro_sys600 | 9.4 | |
| hitachienergy | microscada_pro_sys600 | 9.4 | |
| hitachienergy | microscada_pro_sys600 | 9.4 | |
| hitachienergy | microscada_x_sys600 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:fixpack_1:*:*:*:*:*:*",
"matchCriteriaId": "BC4CE02B-F8CF-4A9E-B9FC-AEFE59F4BCE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:fixpack_2_hf1:*:*:*:*:*:*",
"matchCriteriaId": "0B90ED6E-68E4-4C14-B275-F44BAC1B9C5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:fixpack_2_hf2:*:*:*:*:*:*",
"matchCriteriaId": "196E08EA-807C-4B7B-981A-96D106AC328B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:fixpack_2_hf3:*:*:*:*:*:*",
"matchCriteriaId": "680FAE83-9D7A-4AD9-AFBE-480FD105ADC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:fixpack_2_hf4:*:*:*:*:*:*",
"matchCriteriaId": "014C8428-8F88-4C3D-B9B1-87DE26867471",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:fixpack_2_hf5:*:*:*:*:*:*",
"matchCriteriaId": "06AFA271-0785-4526-B7DA-FA00672CC5B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hitachienergy:microscada_x_sys600:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AEAAFA90-ACFF-47E2-A23D-728912D74B99",
"versionEndExcluding": "10.6",
"versionStartIncluding": "10.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names\nthat are used in filesystem operations. If exploited the vulnerability allows the attacker to access or modify system files or\nother files that are critical to the application."
},
{
"lang": "es",
"value": "El producto permite que el usuario controle o influya en las rutas o nombres de archivos que se utilizan en las operaciones del sistema de archivos, lo que permite al atacante acceder o modificar archivos del sistema u otros archivos que son cr\u00edticos para la aplicaci\u00f3n."
}
],
"id": "CVE-2024-3980",
"lastModified": "2024-10-30T15:33:12.697",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0,
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-27T13:15:05.210",
"references": [
{
"source": "cybersecurity@hitachienergy.com",
"tags": [
"Vendor Advisory"
],
"url": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000160\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"sourceIdentifier": "cybersecurity@hitachienergy.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "cybersecurity@hitachienergy.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}