Hitachi Microscada Sys600 Vulnerabilities

Malicious Redirection Vulnerability

CVE-2024-7941

HitachiMicroscada Sys6004.3MEDIUM

Unsecured Local Only Service Exposes All Network Interfaces Without Authentication

CVE-2024-7940

HitachiMicroscada Sys6009.8CRITICAL

Attackers Could Exploit Session Hijacking of Already Established Sessions

CVE-2024-3982

HitachiMicroscada Sys6008.2HIGH

Attacker can manipulate system files or sensitive data through setTimeout() calls

CVE-2024-3980

HitachiMicroscada Sys600📰8.8HIGH

Risk of Injection Attacks Due to Lack of Persistent Data Validation

CVE-2024-4872

HitachiMicroscada Sys600📰8.8HIGH

IEC 61850 MMS-Server Vulnerability in multiple Hitachi Energy Products

CVE-2022-3353

HitachiFox61x Tego15.9MEDIUM

Input Validation Vulnerability in Hitachi Energy’s MicroSCADA Pro/X SYS600 Products

CVE-2022-3388

HitachiMicroscada Pro Sys6008.8HIGH

A vulnerability exists during the start of the affected SYS600, where an input validation flaw causes a buffer-overflow while reading a specific configuration file. Subsequently SYS600 will fail to start. The configuration file can only be accessed by ...

CVE-2022-1778

HitachiMicroscada X Sys6004.4MEDIUM

A vulnerability exists in the ICCP stack of the affected SYS600 versions due to validation flaw in the process that establishes the ICCP communication. The validation flaw will cause a denial-of-service when ICCP of SYS600 is request to forward any da ...

CVE-2022-2277

HitachiMicroscada X Sys6007.5HIGH

A vulnerability exists in the handling of a specially crafted IEC 61850 packet with a valid data item but with incorrect data type in the IEC 61850 OPC Server. The vulnerability may cause a denial-of-service on the IEC 61850 OPC Server part of the SYS ...

CVE-2022-29922

HitachiMicroscada X Sys6007.5HIGH

A vulnerability exists in the handling of a malformed IEC 104 TCP packet. Upon receiving a malformed IEC 104 TCP packet, the malformed packet is dropped, however the TCP connection is left open. This may cause a denial-of-service if the affected conne ...

CVE-2022-29492

HitachiMicroscada X Sys6005.3MEDIUM

A vulnerability exists in the Workplace X WebUI in which an authenticated user is able to execute any MicroSCADA internal scripts irrespective of the authenticated user's role.

CVE-2022-29490

HitachiMicroscada X Sys6008.5HIGH

Microscada Sys600 Vulnerabilities

Vulnerability Published:

Sort By:

27 August 2024

Malicious Redirection Vulnerability

Unsecured Local Only Service Exposes All Network Interfaces Without Authentication

Attackers Could Exploit Session Hijacking of Already Established Sessions

Attacker can manipulate system files or sensitive data through setTimeout() calls

Risk of Injection Attacks Due to Lack of Persistent Data Validation

21 February 2023

IEC 61850 MMS-Server Vulnerability in multiple Hitachi Energy Products

21 November 2022

Input Validation Vulnerability in Hitachi Energy’s MicroSCADA Pro/X SYS600 Products

14 September 2022

A vulnerability exists during the start of the affected SYS600, where an input validation flaw causes a buffer-overflow while reading a specific configuration file. Subsequently SYS600 will fail to start. The configuration file can only be accessed by ...

A vulnerability exists in the ICCP stack of the affected SYS600 versions due to validation flaw in the process that establishes the ICCP communication. The validation flaw will cause a denial-of-service when ICCP of SYS600 is request to forward any da ...

A vulnerability exists in the handling of a specially crafted IEC 61850 packet with a valid data item but with incorrect data type in the IEC 61850 OPC Server. The vulnerability may cause a denial-of-service on the IEC 61850 OPC Server part of the SYS ...

A vulnerability exists in the handling of a malformed IEC 104 TCP packet. Upon receiving a malformed IEC 104 TCP packet, the malformed packet is dropped, however the TCP connection is left open. This may cause a denial-of-service if the affected conne ...

12 September 2022

A vulnerability exists in the Workplace X WebUI in which an authenticated user is able to execute any MicroSCADA internal scripts irrespective of the authenticated user's role.