Lucene search

[email protected]NVD:CVE-2024-3980

HistoryAug 27, 2024 - 1:15 p.m.

CVE-2024-3980

2024-08-2713:15:05

CWE-22

CWE-88

[email protected]

web.nvd.nist.gov

product security

user input control

filesystem operations

unauthorized access

system files

application files

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

19.7%

JSON

The product allows user input to control or influence paths or file
names that are used in filesystem operations, allowing the attacker to access or modify system files or other files that are
critical to the application.

Affected configurations

Nvd

Node

hitachienergymicroscada_x_sys600Range<10.6

VendorProductVersionCPE
hitachienergymicroscada_x_sys600*cpe:2.3:a:hitachienergy:microscada_x_sys600:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
hitachienergy	microscada_x_sys600	*	cpe:2.3:a:hitachienergy:microscada_x_sys600::::::::

References

publisher.hitachienergy.com/preview?DocumentID=8DBD000160&LanguageCode=en&DocumentPartId=&Action=Launch

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

19.7%

JSON

Related for NVD:CVE-2024-3980

vulnrichment1 cve1 cvelist1