Attackers Could Exploit Session Hijacking of Already Established Sessions

CVE-2024-3982

8.2HIGH

Key Information

Vendor: Hitachi
Status: Microscada Sys600
Vendor: CVE Published:; 27 August 2024

Summary

An attacker with local access to machine where MicroSCADA X SYS600 is installed, could enable the session logging supporting the product and try to exploit a session hijacking of an already established session. By default, the session logging level is not enabled and only users with administrator rights can enable it.

Affected Version(s)

MicroSCADA SYS600 <= 10.5

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published.
Aug 27, 2024
Vulnerability Reserved.
Apr 19, 2024

Collectors

NVD DatabaseMitre Database