Risk of Injection Attacks Due to Lack of Persistent Data Validation

CVE-2024-4872

8.8HIGH

Key Information

Vendor: Hitachi
Status: Microscada Sys600
Vendor: CVE Published:; 27 August 2024

Badges

📰 News Worthy

Summary

A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. If exploited this could allow an authenticated attacker to inject code towards persistent data. Note that to successfully exploit this vulnerability an attacker must have a valid credential.

Affected Version(s)

MicroSCADA SYS600 <= 10.5

News Articles

CVE-2024-4872CVE-2024-3980

Hitachi Energy Vulnerabilities Plague SCADA Power Systems

The company has assessed four of the five disclosed vulnerabilities as being of high to critical severity.

3 months ago

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Risk change from: 9.8 to: 9.9 - (CRITICAL)
Sep 5, 2024
Risk change from: 9.8 to: 9.9 - (CRITICAL)
Sep 5, 2024
Risk change from: 9.8 to: 9.9 - (CRITICAL)
Aug 30, 2024
First article discovered by null
Aug 28, 2024
Vulnerability published.
Aug 27, 2024
Vulnerability Reserved.
May 14, 2024

Collectors

NVD DatabaseMitre Database1 News Article(s)