Data Leakage Vulnerability in MicroSCADA X SYS600 by Hitachi Energy
CVE-2025-39204

8.5HIGH

Key Information:

Vendor: Hitachi
Status: Microscada X Sys600
Vendor: CVE Published:; 24 June 2025

What is CVE-2025-39204?

A vulnerability has been identified in the web interface of the MicroSCADA X SYS600 product from Hitachi Energy. This vulnerability allows for the manipulation of filtering queries, which can result in the unintended disclosure of sensitive information to unauthorized users. Proper filtering and validation are essential to prevent such data leakage incidents, ensuring the integrity and confidentiality of user data.

Affected Version(s)

MicroSCADA X SYS600 10.0 <= 10.6

References

https://publisher.hitachienergy.com/preview?DocumentID=8D...

CVSS V4

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 24, 2025
Vulnerability Reserved
Apr 16, 2025