Vulnerabilities > Hitachienergy > Microscada X Sys600 > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-27 | CVE-2024-3980 | Path Traversal vulnerability in Hitachienergy Microscada PRO Sys600 and Microscada X Sys600 The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names that are used in filesystem operations. | 8.8 |
| 2024-08-27 | CVE-2024-3982 | Authentication Bypass by Capture-replay vulnerability in Hitachienergy Microscada X Sys600 An attacker with local access to machine where MicroSCADA X SYS600 is installed, could enable the session logging supporting the product and try to exploit a session hijacking of an already established session. | 8.2 |
| 2024-08-27 | CVE-2024-4872 | Unspecified vulnerability in Hitachienergy Microscada PRO Sys600 and Microscada X Sys600 A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. | 8.8 |
| 2022-11-21 | CVE-2022-3388 | Improper Input Validation vulnerability in Hitachienergy Microscada PRO Sys600 and Microscada X Sys600 An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA Pro and MicroSCADA X SYS600. | 7.8 |
| 2022-09-14 | CVE-2022-29492 | Improper Input Validation vulnerability in Hitachienergy Microscada X Sys600 Improper Input Validation vulnerability in the handling of a malformed IEC 104 TCP packet in the Hitachi Energy MicroSCADA X SYS600, MicroSCADA Pro SYS600. | 7.5 |
| 2022-09-14 | CVE-2022-29922 | Improper Input Validation vulnerability in Hitachienergy Microscada X Sys600 Improper Input Validation vulnerability in the handling of a specially crafted IEC 61850 packet with a valid data item but with incorrect data type in the IEC 61850 OPC Server in the Hitachi Energy MicroSCADA X SYS600, MicroSCADA Pro SYS600. | 7.5 |
| 2022-09-14 | CVE-2022-2277 | Improper Validation of Specified Quantity in Input vulnerability in Hitachienergy Microscada X Sys600 Improper Input Validation vulnerability exists in the Hitachi Energy MicroSCADA X SYS600's ICCP stack during the ICCP communication establishment causes a denial-of-service when ICCP of SYS600 is request to forward any data item updates with timestamps too distant in the future to any remote ICCP system. | 7.5 |
| 2022-09-12 | CVE-2022-29490 | Unspecified vulnerability in Hitachienergy Microscada X Sys600 Improper Authorization vulnerability exists in the Workplace X WebUI of the Hitachi Energy MicroSCADA X SYS600 allows an authenticated user to execute any MicroSCADA internal scripts irrespective of the authenticated user's role. | 8.8 |