Vulnerabilities > Hitachienergy
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-21 | CVE-2022-3388 | Improper Input Validation vulnerability in Hitachienergy Microscada PRO Sys600 and Microscada X Sys600 An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA Pro and MicroSCADA X SYS600. | 7.8 |
| 2022-09-14 | CVE-2022-1778 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Hitachienergy Microscada X Sys600 Improper Input Validation vulnerability in Hitachi Energy MicroSCADA X SYS600 while reading a specific configuration file causes a buffer-overflow that causes a failure to start the SYS600. | 4.4 |
| 2022-09-14 | CVE-2022-29492 | Improper Input Validation vulnerability in Hitachienergy Microscada X Sys600 Improper Input Validation vulnerability in the handling of a malformed IEC 104 TCP packet in the Hitachi Energy MicroSCADA X SYS600, MicroSCADA Pro SYS600. | 7.5 |
| 2022-09-14 | CVE-2022-29922 | Improper Input Validation vulnerability in Hitachienergy Microscada X Sys600 Improper Input Validation vulnerability in the handling of a specially crafted IEC 61850 packet with a valid data item but with incorrect data type in the IEC 61850 OPC Server in the Hitachi Energy MicroSCADA X SYS600, MicroSCADA Pro SYS600. | 7.5 |
| 2022-09-14 | CVE-2022-2277 | Improper Validation of Specified Quantity in Input vulnerability in Hitachienergy Microscada X Sys600 Improper Input Validation vulnerability exists in the Hitachi Energy MicroSCADA X SYS600's ICCP stack during the ICCP communication establishment causes a denial-of-service when ICCP of SYS600 is request to forward any data item updates with timestamps too distant in the future to any remote ICCP system. | 7.5 |
| 2022-09-12 | CVE-2022-29490 | Unspecified vulnerability in Hitachienergy Microscada X Sys600 Improper Authorization vulnerability exists in the Workplace X WebUI of the Hitachi Energy MicroSCADA X SYS600 allows an authenticated user to execute any MicroSCADA internal scripts irrespective of the authenticated user's role. | 8.8 |
| 2022-07-25 | CVE-2021-40336 | Injection vulnerability in Hitachienergy Modular Switchgear Monitoring Firmware A vulnerability exists in the http web interface where the web interface does not validate data in an HTTP header. | 8.8 |
| 2022-06-07 | CVE-2021-35530 | Unspecified vulnerability in Hitachienergy Txpert HUB Coretec 4 Firmware A vulnerability in the application authentication and authorization mechanism in Hitachi Energy's TXpert Hub CoreTec 4, that depends on a token validation of the session identifier, allows an unauthorized modified message to be executed in the server enabling an unauthorized actor to change an existing user password, and further gain authorized access into the system via login mechanism. | 6.7 |
| 2022-06-07 | CVE-2021-35531 | OS Command Injection vulnerability in Hitachienergy Txpert HUB Coretec 4 Firmware Improper Input Validation vulnerability in a particular configuration setting field of Hitachi Energy TXpert Hub CoreTec 4 product, allows an attacker with access to an authorized user with ADMIN or ENGINEER role rights to inject an OS command that is executed by the system. | 6.7 |
| 2022-05-02 | CVE-2022-28613 | Improper Validation of Specified Quantity in Input vulnerability in multiple products A vulnerability in the HCI Modbus TCP COMPONENT of Hitachi Energy RTU500 series CMU Firmware that is caused by the validation error in the length information carried in MBAP header allows an ATTACKER to reboot the device by sending a special crafted message. | 7.5 |