Vulnerabilities > Hitachienergy > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-27 | CVE-2024-3980 | Path Traversal vulnerability in Hitachienergy Microscada PRO Sys600 and Microscada X Sys600 The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names that are used in filesystem operations. | 8.8 |
| 2024-08-27 | CVE-2024-3982 | Authentication Bypass by Capture-replay vulnerability in Hitachienergy Microscada X Sys600 An attacker with local access to machine where MicroSCADA X SYS600 is installed, could enable the session logging supporting the product and try to exploit a session hijacking of an already established session. | 8.2 |
| 2024-08-27 | CVE-2024-4872 | Unspecified vulnerability in Hitachienergy Microscada PRO Sys600 and Microscada X Sys600 A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. | 8.8 |
| 2024-06-11 | CVE-2024-28020 | Unspecified vulnerability in Hitachienergy Foxman-Un and Unem A user/password reuse vulnerability exists in the FOXMAN-UN/UNEM application and server management. | 8.0 |
| 2024-06-11 | CVE-2024-28021 | Improper Certificate Validation vulnerability in Hitachienergy Foxman-Un, Foxman UN and Unem A vulnerability exists in the FOXMAN-UN/UNEM server that affects the message queueing mechanism’s certificate validation. | 7.4 |
| 2024-01-04 | CVE-2022-2081 | Out-of-bounds Write vulnerability in Hitachienergy products A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. | 7.5 |
| 2023-12-19 | CVE-2023-1514 | Improper Certificate Validation vulnerability in Hitachienergy Rtu500 Scripting Interface 1.0.1.30/1.0.2/1.1.1 A vulnerability exists in the component RTU500 Scripting interface. | 7.5 |
| 2023-12-19 | CVE-2023-6711 | Classic Buffer Overflow vulnerability in Hitachienergy Rtu500 Firmware Vulnerability exists in SCI IEC 60870-5-104 and HCI IEC 60870-5-104 that affects the RTU500 series product versions listed below. | 7.5 |
| 2023-12-01 | CVE-2023-4518 | Improper Validation of Specified Quantity in Input vulnerability in Hitachienergy products A vulnerability exists in the input validation of the GOOSE messages where out of range values received and processed by the IED caused a reboot of the device. | 7.5 |
| 2023-09-11 | CVE-2023-4816 | Improper Authentication vulnerability in Hitachienergy Asset Suite A vulnerability exists in the Equipment Tag Out authentication, when configured with Single Sign-On (SSO) with password validation in T214. | 8.8 |