Attacker can manipulate system files or sensitive data through setTimeout() calls
CVE-2024-3980

8.8HIGH

Key Information:

Vendor: Hitachi
Status: Microscada Sys600
Vendor: CVE Published:; 27 August 2024

Badges

📰 News Worthy

What is CVE-2024-3980?

The MicroSCADA Pro/X SYS600 product by Hitachi Energy contains a vulnerability that enables an authenticated user to input data that can control or influence file paths and names during filesystem operations. This weakness may allow attackers to access or modify critical system files, posing a significant risk to application integrity and security. Proper input validation mechanisms are essential to mitigate the exploitation of this vulnerability and ensure the protection of sensitive information.

Affected Version(s)

MicroSCADA SYS600 10.0 <= 10.5

News Articles

CVE-2024-4872 CVE-2024-3980

Hitachi Energy Vulnerabilities Plague SCADA Power Systems

The company has assessed four of the five disclosed vulnerabilities as being of high to critical severity.

References

https://publisher.hitachienergy.com/preview?DocumentID=8D...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

📰
First article discovered
Aug 28, 2024
Vulnerability published
Aug 27, 2024
Vulnerability Reserved
Apr 19, 2024