Local File Tampering Vulnerability in MicroSCADA X SYS600 by Hitachi Energy
CVE-2025-39201

6.1MEDIUM

Key Information:

Vendor: Hitachi
Status: Microscada X Sys600
Vendor: CVE Published:; 24 June 2025

What is CVE-2025-39201?

A local file tampering vulnerability exists in MicroSCADA X SYS600 which, if exploited, allows an unauthenticated attacker to modify critical system files. This manipulation can lead to a denial of the Notify service, potentially disrupting operations and compromising system integrity. Organizations using this product should assess their security posture and implement necessary mitigations promptly.

Affected Version(s)

MicroSCADA X SYS600 10.0 <= 10.6

References

https://publisher.hitachienergy.com/preview?DocumentID=8D...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 24, 2025
Vulnerability Reserved
Apr 16, 2025