Vulnerabilities > Hitachienergy > Microscada X Sys600
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-27 | CVE-2024-3980 | Path Traversal vulnerability in Hitachienergy Microscada PRO Sys600 and Microscada X Sys600 The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names that are used in filesystem operations. | 8.8 |
| 2024-08-27 | CVE-2024-3982 | Authentication Bypass by Capture-replay vulnerability in Hitachienergy Microscada X Sys600 An attacker with local access to machine where MicroSCADA X SYS600 is installed, could enable the session logging supporting the product and try to exploit a session hijacking of an already established session. | 8.2 |
| 2024-08-27 | CVE-2024-4872 | Unspecified vulnerability in Hitachienergy Microscada PRO Sys600 and Microscada X Sys600 A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. | 8.8 |
| 2024-08-27 | CVE-2024-7940 | Missing Authentication for Critical Function vulnerability in Hitachienergy Microscada X Sys600 The product exposes a service that is intended for local only to all network interfaces without any authentication. | 9.8 |
| 2024-08-27 | CVE-2024-7941 | Open Redirect vulnerability in Hitachienergy Microscada X Sys600 10.5 An HTTP parameter may contain a URL value and could cause the web application to redirect the request to the specified URL. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. | 4.3 |
| 2022-11-21 | CVE-2022-3388 | Improper Input Validation vulnerability in Hitachienergy Microscada PRO Sys600 and Microscada X Sys600 An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA Pro and MicroSCADA X SYS600. | 7.8 |
| 2022-09-14 | CVE-2022-1778 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Hitachienergy Microscada X Sys600 Improper Input Validation vulnerability in Hitachi Energy MicroSCADA X SYS600 while reading a specific configuration file causes a buffer-overflow that causes a failure to start the SYS600. | 4.4 |
| 2022-09-14 | CVE-2022-29492 | Improper Input Validation vulnerability in Hitachienergy Microscada X Sys600 Improper Input Validation vulnerability in the handling of a malformed IEC 104 TCP packet in the Hitachi Energy MicroSCADA X SYS600, MicroSCADA Pro SYS600. | 7.5 |
| 2022-09-14 | CVE-2022-29922 | Improper Input Validation vulnerability in Hitachienergy Microscada X Sys600 Improper Input Validation vulnerability in the handling of a specially crafted IEC 61850 packet with a valid data item but with incorrect data type in the IEC 61850 OPC Server in the Hitachi Energy MicroSCADA X SYS600, MicroSCADA Pro SYS600. | 7.5 |
| 2022-09-14 | CVE-2022-2277 | Improper Validation of Specified Quantity in Input vulnerability in Hitachienergy Microscada X Sys600 Improper Input Validation vulnerability exists in the Hitachi Energy MicroSCADA X SYS600's ICCP stack during the ICCP communication establishment causes a denial-of-service when ICCP of SYS600 is request to forward any data item updates with timestamps too distant in the future to any remote ICCP system. | 7.5 |