Risk of Injection Attacks Due to Lack of Persistent Data Validation
CVE-2024-4872

8.8 HIGH

Key Information:

Vendor: Hitachi
CVE Published: 27 August 2024

Badges

📰 News Worthy

Summary

A vulnerability has been identified in the query validation mechanism of the MicroSCADA Pro/X SYS600 product, developed by Hitachi Energy. An authenticated attacker with valid credentials can exploit it to inject malicious code targeting persistent data storage. Successful exploitation may compromise the integrity of the system's data and could lead to further security breaches, which underscores the importance of stringent security measures and regular software updates.

Affected Version(s)

MicroSCADA SYS600 10.0 <= 10.5

News Articles

Hitachi Energy Vulnerabilities Plague SCADA Power Systems

The company has assessed four of the five disclosed vulnerabilities as being of high to critical severity.

4 months ago

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • 📰 First article discovered
  • Vulnerability published
  • Vulnerability Reserved

Collectors

NVD Database, Mitre Database, 1 News Article(s)