Vulnerabilities > Hitachienergy > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-27 | CVE-2024-7941 | Open Redirect vulnerability in Hitachienergy Microscada X Sys600 10.5 An HTTP parameter may contain a URL value and could cause the web application to redirect the request to the specified URL. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. | 4.3 |
| 2024-06-11 | CVE-2024-28022 | Improper Restriction of Excessive Authentication Attempts vulnerability in Hitachienergy Foxman-Un and Unem A vulnerability exists in the UNEM server / APIGateway that if exploited allows a malicious user to perform an arbitrary number of authentication attempts using different passwords, and eventually gain access to other components in the same security realm using the targeted account. | 6.5 |
| 2024-06-11 | CVE-2024-28024 | Cleartext Storage of Sensitive Information vulnerability in Hitachienergy Foxman-Un and Unem A vulnerability exists in the FOXMAN-UN/UNEM in which sensitive information is stored in cleartext within a resource that might be accessible to another control sphere. | 4.1 |
| 2024-01-04 | CVE-2022-3864 | Improper Verification of Cryptographic Signature vulnerability in Hitachienergy products A vulnerability exists in the Relion update package signature validation. | 4.5 |
| 2023-12-14 | CVE-2023-5769 | Cross-site Scripting vulnerability in Hitachienergy products A vulnerability exists in the webserver that affects the RTU500 series product versions listed below. | 6.1 |
| 2023-12-04 | CVE-2023-5767 | Cross-site Scripting vulnerability in Hitachienergy products A vulnerability exists in the webserver that affects the RTU500 series product versions listed below. | 6.1 |
| 2023-12-04 | CVE-2023-5768 | Cross-site Scripting vulnerability in Hitachienergy products A vulnerability exists in the HCI IEC 60870-5-104 that affects the RTU500 series product versions listed below. | 6.1 |
| 2023-11-01 | CVE-2023-2621 | Path Traversal vulnerability in Hitachienergy Modular Advanced Control for Hvdc 5.0/7.10.0.0 The McFeeder server (distributed as part of SSW package), is susceptible to an arbitrary file write vulnerability on the MAIN computer system. | 6.5 |
| 2023-11-01 | CVE-2023-2622 | Unspecified vulnerability in Hitachienergy Modular Advanced Control for Hvdc 7.10.0.0/7.17.0.0/7.18.0.0 Authenticated clients can read arbitrary files on the MAIN Computer system using the remote procedure call (RPC) of the InspectSetup service endpoint. | 4.3 |
| 2023-11-01 | CVE-2023-5514 | Information Exposure Through an Error Message vulnerability in Hitachienergy Esoms The response messages received from the eSOMS report generation using certain parameter queries with full file path can be abused for enumerating the local file system structure. | 5.3 |