CVE-2022-29490

🗓️ 12 Sep 2022 19:24:03Reported by Hitachi EnergyType

cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 59 Views

Improper Authorization vulnerability in Hitachi Energy MicroSCADA X SYS600 version 10 to 10.3.1 allows authenticated users to execute internal scripts irrespectively of role

Reporter	Title	Published	Views	Family All 9
ATTACKERKB	CVE-2022-29490	6 Sep 202214:30	–	attackerkb
Circl	CVE-2022-29490	13 Sep 202200:24	–	circl
CNNVD	Hitachi Energy MicroSCADA X SYS600 安全漏洞	12 Sep 202200:00	–	cnnvd
Cvelist	CVE-2022-29490 A vulnerability exists in the Workplace X WebUI in which an authenticated user is able to execute any MicroSCADA internal scripts irrespective of the authenticated user's role.	12 Sep 202219:24	–	cvelist
EUVD	EUVD-2022-33828	3 Oct 202520:07	–	euvd
ICS	Hitachi Energy MicroSCADA Pro X SYS600	29 Sep 202200:00	–	ics
NVD	CVE-2022-29490	12 Sep 202221:15	–	nvd
Prion	Authorization	12 Sep 202221:15	–	prion
Positive Technologies	PT-2022-19656 · Hitachi Energy · Microscada X Sys600	12 Sep 202200:00	–	ptsecurity

NVD

Node

hitachienergy microscada_x_sys600Range10.0–10.3.1

AND

hitachienergy sys600Match-

[
  {
    "product": "MicroSCADA X SYS600",
    "vendor": "Hitachi Energy",
    "versions": [
      {
        "status": "affected",
        "version": "10"
      },
      {
        "status": "affected",
        "version": "10.1"
      },
      {
        "status": "affected",
        "version": "10.1.1"
      },
      {
        "status": "affected",
        "version": "10.2"
      },
      {
        "status": "affected",
        "version": "10.2.1"
      },
      {
        "status": "affected",
        "version": "10.3"
      },
      {
        "status": "affected",
        "version": "10.3.1"
      }
    ]
  }
]

Source	Link
search	www.search.abb.com/library/Download.aspx

21 Nov 2024 06:59Current

8.7High risk

Vulners AI Score8.7

CVSS 3.18.5 - 8.8

EPSS0.00336

CWE-285