Input Validation Vulnerability in Hitachi Energy’s MicroSCADA Pro/X SYS600 Products
CVE-2022-3388

8.8HIGH

Key Information:

Vendor: Hitachi
Status: Microscada Pro Sys600; Microscada X Sys600
Vendor: CVE Published:; 21 November 2022

What is CVE-2022-3388?

An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA Pro and MicroSCADA X SYS600. An authenticated user can launch an administrator level remote code execution irrespective of the authenticated user's role.

Affected Version(s)

MicroSCADA Pro SYS600 9.0

MicroSCADA X SYS600 10.0

References

https://search.abb.com/library/Download.aspx?DocumentID=8...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 21, 2022
Vulnerability Reserved
Sep 30, 2022