Unsecured Local Only Service Exposes All Network Interfaces Without Authentication
CVE-2024-7940

9.8CRITICAL

Key Information:

Vendor: Hitachi
Status: Microscada Sys600
Vendor: CVE Published:; 27 August 2024

Summary

A significant vulnerability exists in certain Hitachi Energy products where a service designed for local access is inadvertently exposed to all network interfaces. This exposure occurs without any form of authentication, thereby enabling unauthorized users to access critical functionalities intended solely for local use. Such a breach poses serious risks to the integrity and security of the affected systems, necessitating immediate attention to mitigate potential exploitation.

Affected Version(s)

MicroSCADA SYS600 10.2 <= 10.5

References

https://publisher.hitachienergy.com/preview?DocumentID=8D...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 27, 2024
Vulnerability Reserved
Aug 19, 2024

Collectors

NVD DatabaseMitre Database