Hitachi EnergyCVELIST:CVE-2022-29490CVE-2022-29490 A vulnerability exists in the Workplace X WebUI in which an authenticated user is able to execute any MicroSCADA internal scripts irrespective of the authenticated user's role.
8.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
8.9 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
42.8%
Improper Authorization vulnerability exists in the Workplace X WebUI of the Hitachi Energy MicroSCADA X SYS600 allows an authenticated user to execute any MicroSCADA internal scripts irrespective of the authenticated user’s role. This issue affects: Hitachi Energy MicroSCADA X SYS600 version 10 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_x_sys600:10:::::::* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:::::::* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:::::::* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:::::::* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:::::::* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:::::::* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:::::::*
CNA Affected
[
{
"product": "MicroSCADA X SYS600",
"vendor": "Hitachi Energy",
"versions": [
{
"status": "affected",
"version": "10"
},
{
"status": "affected",
"version": "10.1"
},
{
"status": "affected",
"version": "10.1.1"
},
{
"status": "affected",
"version": "10.2"
},
{
"status": "affected",
"version": "10.2.1"
},
{
"status": "affected",
"version": "10.3"
},
{
"status": "affected",
"version": "10.3.1"
}
]
}
]Related
8.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
8.9 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
42.8%