11 matches found
CVE-2022-29492
Improper Input Validation vulnerability in the handling of a malformed IEC 104 TCP packet in the Hitachi Energy MicroSCADA X SYS600, MicroSCADA Pro SYS600. Upon receiving a malformed IEC 104 TCP packet, the malformed packet is dropped, however the TCP connection is left open. This may cause a denia...
CVE-2022-3388
An input validation vulnerability exists in the Monitor Pro interface of MicroSCADAPro and MicroSCADA X SYS600. An authenticated user can launch an administrator level remote code execution irrespective of the authenticated user's role.
CVE-2022-29922
Improper Input Validation vulnerability in the handling of a specially crafted IEC 61850 packet with a valid data item but with incorrect data type in the IEC 61850 OPC Server in the Hitachi Energy MicroSCADA X SYS600, MicroSCADA Pro SYS600. The vulnerability may cause a denial-of-service on the IE...
CVE-2022-29490
Improper Authorization vulnerability exists in the Workplace X WebUI of the Hitachi Energy MicroSCADA X SYS600 allows an authenticated user to execute any MicroSCADA internal scripts irrespective of the authenticated user's role. This issue affects: Hitachi Energy MicroSCADA X SYS600 version 10 to ...
CVE-2024-4872
A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. If exploited this could allow an authenticated attacker to inject code towards persistent data. Note that to successfully exploit this vulnerabilityan attacker must have a valid credential.
CVE-2022-1778
Improper Input Validation vulnerability in Hitachi Energy MicroSCADA X SYS600 while reading a specific configuration file causes a buffer-overflow that causes a failure to start the SYS600. The configuration file can only be accessed by an administrator access. This issue affects: Hitachi Energy Mi...
CVE-2022-2277
Improper Input Validation vulnerability exists in the Hitachi Energy MicroSCADA X SYS600's ICCP stack during the ICCP communication establishment causes a denial-of-service when ICCP of SYS600 is request to forward any data item updates with timestamps too distant in the future to any remote ICCP s...
CVE-2024-3980
The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file namesthat are used in filesystem operations. If exploited the vulnerability allows the attacker to access or modify system files orother files that are critical to the application.
CVE-2024-3982
An attacker with local access to machine where MicroSCADA XSYS600 is installed, could enable the session logging supporting the product and try to exploit a session hijacking of an already established session. By default, the session logging levelis not enabled and only users with administrator rig...
CVE-2024-7940
The product exposes a service that is intended for local only toall network interfaces without any authentication.
CVE-2024-7941
An HTTP parameter may contain a URL value and could causethe web application to redirect the request to the specified URL.By modifying the URL value to a malicious site, an attacker maysuccessfully launch a phishing scam and steal user credentials.