Vulnerabilities > Hitachienergy

DATE CVE VULNERABILITY TITLE RISK
2024-10-29 CVE-2024-41153 Command Injection vulnerability in Hitachienergy Tro610 Firmware, Tro620 Firmware and Tro670 Firmware
Command injection vulnerability in the Edge Computing UI for the TRO600 series radios that allows for the execution of arbitrary system commands.
network
low complexity
hitachienergy CWE-77
7.2
2024-10-29 CVE-2024-41156 Improper Cross-boundary Removal of Sensitive Data vulnerability in Hitachienergy Tro610 Firmware, Tro620 Firmware and Tro670 Firmware
Profile files from TRO600 series radios are extracted in plain-text and encrypted file formats.
network
low complexity
hitachienergy CWE-212
2.7
2024-08-27 CVE-2024-3980 Path Traversal vulnerability in Hitachienergy Microscada PRO Sys600 and Microscada X Sys600
The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names that are used in filesystem operations.
network
low complexity
hitachienergy CWE-22
8.8
2024-08-27 CVE-2024-3982 Authentication Bypass by Capture-replay vulnerability in Hitachienergy Microscada X Sys600
An attacker with local access to machine where MicroSCADA X SYS600 is installed, could enable the session logging supporting the product and try to exploit a session hijacking of an already established session.
local
low complexity
hitachienergy CWE-294
8.2
2024-08-27 CVE-2024-4872 Unspecified vulnerability in Hitachienergy Microscada PRO Sys600 and Microscada X Sys600
A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product.
network
low complexity
hitachienergy
8.8
2024-08-27 CVE-2024-7940 Missing Authentication for Critical Function vulnerability in Hitachienergy Microscada X Sys600
The product exposes a service that is intended for local only to all network interfaces without any authentication.
network
low complexity
hitachienergy CWE-306
critical
9.8
2024-08-27 CVE-2024-7941 Open Redirect vulnerability in Hitachienergy Microscada X Sys600 10.5
An HTTP parameter may contain a URL value and could cause the web application to redirect the request to the specified URL. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.
network
low complexity
hitachienergy CWE-601
4.3
2024-06-11 CVE-2024-28020 Unspecified vulnerability in Hitachienergy Foxman-Un and Unem
A user/password reuse vulnerability exists in the FOXMAN-UN/UNEM application and server management.
network
high complexity
hitachienergy
8.0
2024-06-11 CVE-2024-28022 Improper Restriction of Excessive Authentication Attempts vulnerability in Hitachienergy Foxman-Un and Unem
A vulnerability exists in the UNEM server / APIGateway that if exploited allows a malicious user to perform an arbitrary number of authentication attempts using different passwords, and eventually gain access to other components in the same security realm using the targeted account.
network
high complexity
hitachienergy CWE-307
6.5
2024-06-11 CVE-2024-28024 Cleartext Storage of Sensitive Information vulnerability in Hitachienergy Foxman-Un and Unem
A vulnerability exists in the FOXMAN-UN/UNEM in which sensitive information is stored in cleartext within a resource that might be accessible to another control sphere.
local
high complexity
hitachienergy CWE-312
4.1