Vulnerabilities > CVE-2024-4872 - Unspecified vulnerability in Hitachienergy Microscada PRO Sys600 and Microscada X Sys600

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

hitachienergy

NVD

Published: 2024-08-27

Updated: 2024-10-30

Summary

A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. If exploited this could allow an authenticated attacker to inject code towards persistent data. Note that to successfully exploit this vulnerability an attacker must have a valid credential.

Vulnerable Configurations

Part	Description	Count
Application	Hitachienergy Hitachienergy Microscada X Sys600 10.0 Hitachienergy Microscada X Sys600 10.1 Hitachienergy Microscada X Sys600 10.1.1 Hitachienergy Microscada X Sys600 10.2 Hitachienergy Microscada X Sys600 10.2.1 Hitachienergy Microscada X Sys600 10.3 Hitachienergy Microscada X Sys600 10.3.1 Hitachienergy Microscada X Sys600 10.4 Hitachienergy Microscada PRO Sys600 9.4	13

References

https://publisher.hitachienergy.com/preview?DocumentID=8DBD000160&LanguageCode=en&DocumentPartId=&Action=Launch