Attackers Could Exploit Session Hijacking of Already Established Sessions
CVE-2024-3982

8.2HIGH

Key Information:

Vendor: Hitachi
Status: Microscada Sys600
Vendor: CVE Published:; 27 August 2024

What is CVE-2024-3982?

A vulnerability exists in MicroSCADA X SYS600 that allows an attacker with local access to exploit an established session. By enabling the session logging, which is disabled by default except for users with administrator rights, an attacker could potentially hijack the session, leading to unauthorized actions within the system. Organizations utilizing this product should review their security configurations and consider the implications of session logging capabilities.

Affected Version(s)

MicroSCADA SYS600 10.0 <= 10.5

References

https://publisher.hitachienergy.com/preview?DocumentID=8D...

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 27, 2024
Vulnerability Reserved
Apr 19, 2024

Hitachi

What is CVE-2024-3982?

Affected Version(s)

References

CVSS V3.1

Timeline