Attacker can manipulate system files or sensitive data through setTimeout() calls

CVE-2024-3980

8.8HIGH

Key Information

Vendor: Hitachi
Status: Microscada Sys600
Vendor: CVE Published:; 27 August 2024

Badges

📰 News Worthy

Summary

The product allows user input to control or influence paths or file names that are used in filesystem operations, allowing the attacker to access or modify system files or other files that are critical to the application.

Affected Version(s)

MicroSCADA SYS600 <= 10.5

News Articles

CVE-2024-4872CVE-2024-3980

Hitachi Energy Vulnerabilities Plague SCADA Power Systems

The company has assessed four of the five disclosed vulnerabilities as being of high to critical severity.

1 month ago

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Risk change from: 8.8 to: 9.9 - (CRITICAL)
Aug 30, 2024
First article discovered by null
Aug 28, 2024
Vulnerability published.
Aug 27, 2024
Vulnerability Reserved.
Apr 19, 2024

Collectors

NVD DatabaseMitre Database1 News Article(s)