Attacker can manipulate system files or sensitive data through setTimeout() calls
CVE-2024-3980

8.8 HIGH

Key Information:

Vendor: Hitachi
CVE Published: 27 August 2024

Badges

📰 News Worthy

Summary

The MicroSCADA Pro/X SYS600 product by Hitachi Energy contains a vulnerability that enables an authenticated user to input data that can control or influence file paths and names during filesystem operations. This weakness may allow attackers to access or modify critical system files, posing a significant risk to application integrity and security. Proper input validation mechanisms are essential to mitigate the exploitation of this vulnerability and ensure the protection of sensitive information.

Affected Version(s)

MicroSCADA SYS600 10.0 <= 10.5

News Articles

Hitachi Energy Vulnerabilities Plague SCADA Power Systems

The company has assessed four of the five disclosed vulnerabilities as being of high to critical severity.

4 months ago

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • 📰 First article discovered

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD Database, Mitre Database, 1 News Article(s)