Vulnerabilities > Hitachienergy
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-29 | CVE-2024-41153 | Command Injection vulnerability in Hitachienergy Tro610 Firmware, Tro620 Firmware and Tro670 Firmware Command injection vulnerability in the Edge Computing UI for the TRO600 series radios that allows for the execution of arbitrary system commands. | 7.2 |
| 2024-10-29 | CVE-2024-41156 | Improper Cross-boundary Removal of Sensitive Data vulnerability in Hitachienergy Tro610 Firmware, Tro620 Firmware and Tro670 Firmware Profile files from TRO600 series radios are extracted in plain-text and encrypted file formats. | 4.3 |
| 2024-08-27 | CVE-2024-3980 | Path Traversal vulnerability in Hitachienergy Microscada PRO Sys600 and Microscada X Sys600 The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names that are used in filesystem operations. | 8.8 |
| 2024-08-27 | CVE-2024-3982 | Authentication Bypass by Capture-replay vulnerability in Hitachienergy Microscada X Sys600 An attacker with local access to machine where MicroSCADA X SYS600 is installed, could enable the session logging supporting the product and try to exploit a session hijacking of an already established session. | 8.2 |
| 2024-08-27 | CVE-2024-4872 | Unspecified vulnerability in Hitachienergy Microscada PRO Sys600 and Microscada X Sys600 A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. | 8.8 |
| 2024-08-27 | CVE-2024-7940 | Missing Authentication for Critical Function vulnerability in Hitachienergy Microscada X Sys600 The product exposes a service that is intended for local only to all network interfaces without any authentication. | 9.8 |
| 2024-08-27 | CVE-2024-7941 | Open Redirect vulnerability in Hitachienergy Microscada X Sys600 10.5 An HTTP parameter may contain a URL value and could cause the web application to redirect the request to the specified URL. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. | 4.3 |
| 2024-06-11 | CVE-2024-28020 | Unspecified vulnerability in Hitachienergy Foxman-Un and Unem A user/password reuse vulnerability exists in the FOXMAN-UN/UNEM application and server management. | 8.0 |
| 2024-06-11 | CVE-2024-28022 | Improper Restriction of Excessive Authentication Attempts vulnerability in Hitachienergy Foxman-Un and Unem A vulnerability exists in the UNEM server / APIGateway that if exploited allows a malicious user to perform an arbitrary number of authentication attempts using different passwords, and eventually gain access to other components in the same security realm using the targeted account. | 6.5 |
| 2024-06-11 | CVE-2024-28024 | Cleartext Storage of Sensitive Information vulnerability in Hitachienergy Foxman-Un and Unem A vulnerability exists in the FOXMAN-UN/UNEM in which sensitive information is stored in cleartext within a resource that might be accessible to another control sphere. | 4.1 |