Vulnerabilities > Hitachienergy > Microscada X Sys600 > 10.4

DATE CVE VULNERABILITY TITLE RISK
2024-08-27 CVE-2024-3980 Path Traversal vulnerability in Hitachienergy Microscada PRO Sys600 and Microscada X Sys600
The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names that are used in filesystem operations.
network
low complexity
hitachienergy CWE-22
8.8
2024-08-27 CVE-2024-3982 Authentication Bypass by Capture-replay vulnerability in Hitachienergy Microscada X Sys600
An attacker with local access to machine where MicroSCADA X SYS600 is installed, could enable the session logging supporting the product and try to exploit a session hijacking of an already established session.
local
low complexity
hitachienergy CWE-294
8.2
2024-08-27 CVE-2024-4872 Unspecified vulnerability in Hitachienergy Microscada PRO Sys600 and Microscada X Sys600
A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product.
network
low complexity
hitachienergy
8.8
2024-08-27 CVE-2024-7940 Missing Authentication for Critical Function vulnerability in Hitachienergy Microscada X Sys600
The product exposes a service that is intended for local only to all network interfaces without any authentication.
network
low complexity
hitachienergy CWE-306
critical
9.8
2022-11-21 CVE-2022-3388 Improper Input Validation vulnerability in Hitachienergy Microscada PRO Sys600 and Microscada X Sys600
An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA Pro and MicroSCADA X SYS600.
local
low complexity
hitachienergy CWE-20
7.8