cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-7941,https://securityvulnerability.io/vulnerability/CVE-2024-7941,Malicious Redirection Vulnerability,"A vulnerability exists within the web application of Hitachi Energy products, where an HTTP parameter containing a URL may be exploited. An attacker can manipulate this parameter to redirect users to a malicious site. This redirection poses a significant risk as it can lead to phishing scams, ultimately enabling attackers to harvest user credentials and sensitive information unsuspecting users might enter. Proper validation and sanitization of URL parameters are crucial to mitigate these risks and protect users from potential attacks.",Hitachi,Microscada Sys600,4.3,MEDIUM,0.0004600000102072954,false,false,false,false,,false,false,2024-08-27T12:57:55.044Z,0
CVE-2024-7940,https://securityvulnerability.io/vulnerability/CVE-2024-7940,Unsecured Local Only Service Exposes All Network Interfaces Without Authentication,"A significant vulnerability exists in certain Hitachi Energy products where a service designed for local access is inadvertently exposed to all network interfaces. This exposure occurs without any form of authentication, thereby enabling unauthorized users to access critical functionalities intended solely for local use. Such a breach poses serious risks to the integrity and security of the affected systems, necessitating immediate attention to mitigate potential exploitation.",Hitachi,Microscada Sys600,9.8,CRITICAL,0.000910000002477318,false,false,false,false,,false,false,2024-08-27T12:52:24.601Z,0
CVE-2024-3982,https://securityvulnerability.io/vulnerability/CVE-2024-3982,Attackers Could Exploit Session Hijacking of Already Established Sessions,"A vulnerability exists in MicroSCADA X SYS600 that allows an attacker with local access to exploit an established session. By enabling the session logging, which is disabled by default except for users with administrator rights, an attacker could potentially hijack the session, leading to unauthorized actions within the system. Organizations utilizing this product should review their security configurations and consider the implications of session logging capabilities.",Hitachi,Microscada Sys600,8.2,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-08-27T12:47:21.577Z,0
CVE-2024-3980,https://securityvulnerability.io/vulnerability/CVE-2024-3980,Attacker can manipulate system files or sensitive data through setTimeout() calls,"The MicroSCADA Pro/X SYS600 product by Hitachi Energy contains a vulnerability that enables an authenticated user to input data that can control or influence file paths and names during filesystem operations. This weakness may allow attackers to access or modify critical system files, posing a significant risk to application integrity and security. Proper input validation mechanisms are essential to mitigate the exploitation of this vulnerability and ensure the protection of sensitive information.",Hitachi,Microscada Sys600,8.8,HIGH,0.0004900000058114529,false,true,false,false,,false,false,2024-08-27T12:42:41.124Z,0
CVE-2024-4872,https://securityvulnerability.io/vulnerability/CVE-2024-4872,Risk of Injection Attacks Due to Lack of Persistent Data Validation,"A vulnerability has been identified in the query validation mechanism of the MicroSCADA Pro/X SYS600 product, developed by Hitachi Energy. This vulnerability allows an authenticated attacker, equipped with valid credentials, to exploit the system by injecting malicious code targeting persistent data storage. Successful exploitation of this vulnerability may compromise the integrity of the system's data and could lead to further security breaches, highlighting the significance of stringent security measures and regular software updates.",Hitachi,Microscada Sys600,8.8,HIGH,0.0005000000237487257,false,true,false,false,,false,false,2024-08-27T12:37:28.958Z,0
CVE-2022-3353,https://securityvulnerability.io/vulnerability/CVE-2022-3353,IEC 61850 MMS-Server Vulnerability in  multiple Hitachi Energy Products,"


A vulnerability exists in the IEC 61850 communication stack that affects multiple Hitachi Energy products. 

An attacker could exploit the vulnerability by using a specially crafted message sequence, to force the IEC 61850 MMS-server communication stack, to stop accepting new MMS-client connections. 




Already existing/established client-server connections are not affected.





List of affected CPEs:




  *  cpe:2.3:o:hitachienergy:fox61x_tego1:r15b08:*:*:*:*:*:*:*
  *  cpe:2.3:o:hitachienergy:fox61x_tego1:r2a16_3:*:*:*:*:*:*:*
  *  cpe:2.3:o:hitachienergy:fox61x_tego1:r2a16:*:*:*:*:*:*:*
  *  cpe:2.3:o:hitachienergy:fox61x_tego1:r1e01:*:*:*:*:*:*:*
  *  cpe:2.3:o:hitachienergy:fox61x_tego1:r1d02:*:*:*:*:*:*:*
  *  cpe:2.3:o:hitachienergy:fox61x_tego1:r1c07:*:*:*:*:*:*:*
  *  cpe:2.3:o:hitachienergy:fox61x_tego1:r1b02:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:gms600:1.3.0:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.1.*:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.5.*:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.6.0:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.6.0.1:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.7.0:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.7.2:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.8.0:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.0.*:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.1.0.4:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.1.0.5:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:microscada_x_sys600:10.*:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:microscada_x_sys600:10.4:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:microscada_x_sys600:10.4.1:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:mms:2.2.3:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:pwc600:1.0:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:pwc600:1.1:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:pwc600:1.2:*:*:*:*:*:*:*
  *  cpe:2.3:o:hitachienergy:reb500:7:*:*:*:*:*:*:*:*
  *  cpe:2.3:o:hitachienergy:reb500:8:*:*:*:*:*:*:*
  *  cpe:2.3:o:hitachienergy:relion670:1.2.*:*:*:*:*:*:*:*
  *  cpe:2.3:o:hitachienergy:relion670:2.0.*:*:*:*:*:*:*:*
  *  cpe:2.3:o:hitachienergy:relion650:1.1.*:*:*:*:*:*:*:*
  *  cpe:2.3:o:hitachienergy:relion650:1.3.*:*:*:*:*:*:*:*
  *  cpe:2.3:o:hitachienergy:relion650:2.1.*:*:*:*:*:*:*:*
  *  cpe:2.3:o:hitachienergy:relion670:2.1.*:*:*:*:*:*:*:*
  *  cpe:2.3:o:hitachienergy:relionSAM600-IO:2.2.1:*:*:*:*:*:*:*
  *  cpe:2.3:o:hitachienergy:relionSAM600-IO:2.2.5:*:*:*:*:*:*:*
  *  cpe:2.3:o:hitachienergy:relion670:2.2.*:*:*:*:*:*:*:*
  *  cpe:2.3:o:hitachienergy:relion650:2.2.*:*:*:*:*:*:*:*
  *  cpe:2.3:o:hitachienergy:rtu500cmu:12.*.*:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:rtu500cmu:13.*.*:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:txpert_hub_coretec_4:2.*:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:txpert_hub_coretec_4:3.0:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:txpert_hub_coretec_5:3.0:*:*:*:*:*:*:*






",Hitachi,"Fox61x Tego1,Gms600,Itt600 Sa Explorer,Microscada X Sys600,Msm,Pwc600,Reb500,Relion® 670,Relion® 650,Sam600-io,Rtu500,Txpert Hub Coretec 4,Txpert Hub Coretec 5",5.9,MEDIUM,0.00930000003427267,false,false,false,false,,false,false,2023-02-21T13:50:46.145Z,0
CVE-2022-3388,https://securityvulnerability.io/vulnerability/CVE-2022-3388,Input Validation Vulnerability in Hitachi Energy’s MicroSCADA Pro/X SYS600 Products,"


An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA
Pro and MicroSCADA X SYS600. An authenticated user can launch an administrator level remote code execution irrespective of the authenticated user's role.





",Hitachi,"Microscada Pro Sys600,Microscada X Sys600",8.8,HIGH,0.0010100000072270632,false,false,false,false,,false,false,2022-11-21T00:00:00.000Z,0
CVE-2022-1778,https://securityvulnerability.io/vulnerability/CVE-2022-1778,"A vulnerability exists during the start of the affected SYS600, where an input validation flaw causes a buffer-overflow while reading a specific configuration file. Subsequently SYS600 will fail to start. The configuration file can only be accessed by ...",Improper Input Validation vulnerability in Hitachi Energy MicroSCADA X SYS600 while reading a specific configuration file causes a buffer-overflow that causes a failure to start the SYS600. The configuration file can only be accessed by an administrator access. This issue affects: Hitachi Energy MicroSCADA X SYS600 version 10 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*,Hitachi,Microscada X Sys600,4.4,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2022-09-14T18:15:00.000Z,0
CVE-2022-2277,https://securityvulnerability.io/vulnerability/CVE-2022-2277,A vulnerability exists in the ICCP stack of the affected SYS600 versions due to validation flaw in the process that establishes the ICCP communication. The validation flaw will cause a denial-of-service when ICCP of SYS600 is request to forward any da ...,"Improper Input Validation vulnerability exists in the Hitachi Energy MicroSCADA X SYS600's ICCP stack during the ICCP communication establishment causes a denial-of-service when ICCP of SYS600 is request to forward any data item updates with timestamps too distant in the future to any remote ICCP system. By default, ICCP is not configured and not enabled. This issue affects: Hitachi Energy MicroSCADA X SYS600 version 10.2 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*",Hitachi,Microscada X Sys600,7.5,HIGH,0.0008900000248104334,false,false,false,false,,false,false,2022-09-14T18:15:00.000Z,0
CVE-2022-29922,https://securityvulnerability.io/vulnerability/CVE-2022-29922,A vulnerability exists in the handling of a specially crafted IEC 61850 packet with a valid data item but with incorrect data type in the IEC 61850 OPC Server. The vulnerability may cause a denial-of-service on the IEC 61850 OPC Server part of the SYS ...,"Improper Input Validation vulnerability in the handling of a specially crafted IEC 61850 packet with a valid data item but with incorrect data type in the IEC 61850 OPC Server in the Hitachi Energy MicroSCADA X SYS600, MicroSCADA Pro SYS600. The vulnerability may cause a denial-of-service on the IEC 61850 OPC Server part of the SYS600 product. This issue affects: Hitachi Energy MicroSCADA Pro SYS600 version 9.4 FP2 Hotfix 4 and earlier versions Hitachi Energy MicroSCADA X SYS600 version 10 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.0:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*",Hitachi,"Microscada X Sys600,Microscada Pro Sys600",7.5,HIGH,0.0008900000248104334,false,false,false,false,,false,false,2022-09-14T18:15:00.000Z,0
CVE-2022-29492,https://securityvulnerability.io/vulnerability/CVE-2022-29492,"A vulnerability exists in the handling of a malformed IEC 104 TCP packet. Upon receiving a malformed IEC 104 TCP packet, the malformed packet is dropped, however the TCP connection is left open. This may cause a denial-of-service if the affected conne ...","Improper Input Validation vulnerability in the handling of a malformed IEC 104 TCP packet in the Hitachi Energy MicroSCADA X SYS600, MicroSCADA Pro SYS600. Upon receiving a malformed IEC 104 TCP packet, the malformed packet is dropped, however the TCP connection is left open. This may cause a denial-of-service if the affected connection is left open. This issue affects: Hitachi Energy MicroSCADA Pro SYS600 version 9.4 FP2 Hotfix 4 and earlier versions Hitachi Energy MicroSCADA X SYS600 version 10 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.0:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*",Hitachi,"Microscada X Sys600,Microscada Pro Sys600",5.3,MEDIUM,0.0008900000248104334,false,false,false,false,,false,false,2022-09-14T18:15:00.000Z,0
CVE-2022-29490,https://securityvulnerability.io/vulnerability/CVE-2022-29490,A vulnerability exists in the Workplace X WebUI in which an authenticated user is able to execute any MicroSCADA internal scripts irrespective of the authenticated user's role.,Improper Authorization vulnerability exists in the Workplace X WebUI of the Hitachi Energy MicroSCADA X SYS600 allows an authenticated user to execute any MicroSCADA internal scripts irrespective of the authenticated user's role. This issue affects: Hitachi Energy MicroSCADA X SYS600 version 10 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*,Hitachi,Microscada X Sys600,8.5,HIGH,0.0010400000028312206,false,false,false,false,,false,false,2022-09-12T21:15:00.000Z,0