Vulnerabilities > Hitachienergy > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-14 | CVE-2022-29492 | Improper Input Validation vulnerability in Hitachienergy Microscada X Sys600 Improper Input Validation vulnerability in the handling of a malformed IEC 104 TCP packet in the Hitachi Energy MicroSCADA X SYS600, MicroSCADA Pro SYS600. | 7.5 |
| 2022-09-14 | CVE-2022-29922 | Improper Input Validation vulnerability in Hitachienergy Microscada X Sys600 Improper Input Validation vulnerability in the handling of a specially crafted IEC 61850 packet with a valid data item but with incorrect data type in the IEC 61850 OPC Server in the Hitachi Energy MicroSCADA X SYS600, MicroSCADA Pro SYS600. | 7.5 |
| 2022-09-14 | CVE-2022-2277 | Improper Validation of Specified Quantity in Input vulnerability in Hitachienergy Microscada X Sys600 Improper Input Validation vulnerability exists in the Hitachi Energy MicroSCADA X SYS600's ICCP stack during the ICCP communication establishment causes a denial-of-service when ICCP of SYS600 is request to forward any data item updates with timestamps too distant in the future to any remote ICCP system. | 7.5 |
| 2022-09-12 | CVE-2022-29490 | Unspecified vulnerability in Hitachienergy Microscada X Sys600 Improper Authorization vulnerability exists in the Workplace X WebUI of the Hitachi Energy MicroSCADA X SYS600 allows an authenticated user to execute any MicroSCADA internal scripts irrespective of the authenticated user's role. | 8.8 |
| 2022-07-25 | CVE-2021-40335 | Cross-Site Request Forgery (CSRF) vulnerability in Hitachienergy Modular Switchgear Monitoring Firmware 2.1.0/2.2.0 A vulnerability exists in the HTTP web interface where the web interface does not sufficiently verify if a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. | 8.8 |
| 2022-07-25 | CVE-2021-40336 | Injection vulnerability in Hitachienergy Modular Switchgear Monitoring Firmware 2.1.0/2.2.0 A vulnerability exists in the http web interface where the web interface does not validate data in an HTTP header. | 8.8 |
| 2022-05-02 | CVE-2022-28613 | Improper Validation of Specified Quantity in Input vulnerability in multiple products A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. | 7.5 |
| 2021-12-02 | CVE-2021-40333 | Weak Password Requirements vulnerability in Hitachienergy Fox615 Firmware and Xcm20 Firmware Weak Password Requirements vulnerability in Hitachi Energy FOX61x, XCM20 allows an attacker to gain unauthorized access to the Data Communication Network (DCN) routing configuration. | 7.1 |
| 2021-12-02 | CVE-2021-40334 | Unspecified vulnerability in Hitachienergy Fox615 Firmware and Xcm20 Firmware Missing Handler vulnerability in the proprietary management protocol (port TCP 5558) of Hitachi Energy FOX61x, XCM20 allows an attacker that exploits the vulnerability by activating SSH on port TCP 5558 to cause disruption to the NMS and NE communication. | 7.5 |
| 2021-11-26 | CVE-2021-35533 | Improper Input Validation vulnerability in Hitachienergy Rtu500 Firmware 12.0/12.2/12.4 Improper Input Validation vulnerability in the APDU parser in the Bidirectional Communication Interface (BCI) IEC 60870-5-104 function of Hitachi Energy RTU500 series allows an attacker to cause the receiving RTU500 CMU of which the BCI is enabled to reboot when receiving a specially crafted message. | 7.5 |