Microscada X Sys600 Security Vulnerabilities and Issues — Microscada X Sys600 CVE List

Lucene search

HitachienergyMicroscada X Sys600

5 matches found

CVE•added 2024/08/27 1:15 p.m.•45 views

CVE-2024-4872

A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. If exploited this could allow an authenticated attacker to inject code towards persistent data. Note that to successfully exploit this vulnerabilityan attacker must have a valid credential.

9.9CVSS8.6AI score0.00317EPSS

CVE•added 2024/08/27 1:15 p.m.•42 views

CVE-2024-3980

The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file namesthat are used in filesystem operations. If exploited the vulnerability allows the attacker to access or modify system files orother files that are critical to the application.

9.9CVSS8.7AI score0.00222EPSS

CVE•added 2024/08/27 1:15 p.m.•40 views

CVE-2024-3982

An attacker with local access to machine where MicroSCADA XSYS600 is installed, could enable the session logging supporting the product and try to exploit a session hijacking of an already established session. By default, the session logging levelis not enabled and only users with administrator rig...

8.2CVSS6.8AI score0.00032EPSS

CVE•added 2024/08/27 1:15 p.m.•39 views

CVE-2024-7940

The product exposes a service that is intended for local only toall network interfaces without any authentication.

9.8CVSS6.9AI score0.0016EPSS

CVE•added 2024/08/27 1:15 p.m.•37 views

CVE-2024-7941

An HTTP parameter may contain a URL value and could causethe web application to redirect the request to the specified URL.By modifying the URL value to a malicious site, an attacker maysuccessfully launch a phishing scam and steal user credentials.

4.3CVSS6.9AI score0.00102EPSS