cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-10205,https://securityvulnerability.io/vulnerability/CVE-2024-10205,Severe Authentication Bypass Vulnerability in Hitachi's Ops Center Analyzer and Infrastructure Analytics Advisor,"CVE-2024-10205 is a critical authentication bypass vulnerability identified in Hitachi's Ops Center Analyzer and Infrastructure Analytics Advisor software, primarily affecting Linux 64-bit versions. This vulnerability allows unauthorized access to sensitive components of both applications, potentially leading to data compromise and increased risk of malicious activity. Users of affected versions should apply security patches and consult the provided reference for mitigation measures.",Hitachi,"Hitachi Ops Center Analyzer,Hitachi Infrastructure Analytics Advisor",9.4,CRITICAL,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-17T02:15:00.000Z,0
CVE-2024-45068,https://securityvulnerability.io/vulnerability/CVE-2024-45068,Hitachi Ops Center Common Services Authentication Credentials Leakage Vulnerability,"An authentication credentials leakage vulnerability has been identified in Hitachi Ops Center Common Services and the associated OVA deployment. This vulnerability allows unauthorized access to sensitive information, potentially compromising system security. Users operating versions of Hitachi Ops Center Common Services from 10.9.3-00 before 11.0.3-00 and those utilizing Hitachi Ops Center OVA from 10.9.3-00 before 11.0.2-01 are particularly at risk. It is crucial for administrators to assess their systems and apply the necessary updates to mitigate potential threats.",Hitachi,"Hitachi Ops Center Common Services,Hitachi Ops Center Ova",7.1,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-03T02:32:03.225Z,0
CVE-2024-41153,https://securityvulnerability.io/vulnerability/CVE-2024-41153,Command Injection Vulnerability in Hitachi Energy TRO600 Series Radios,"A command injection vulnerability exists in the Edge Computing user interface of the TRO600 series radios from Hitachi Energy, which can be exploited by an attacker with write access to the web UI. This weakness allows the execution of arbitrary system commands with root privileges, exposing the device to substantial risk beyond the intended scope of write privileges. The implications of this vulnerability necessitate immediate attention to safeguard against potential exploitation.",Hitachi,Tro610 Firmware,7.2,HIGH,0.0004900000058114529,false,,false,false,false,,,false,false,,2024-10-29T13:15:00.000Z,0
CVE-2024-28981,https://securityvulnerability.io/vulnerability/CVE-2024-28981,Pentaho Data Integration & Analytics Vulnerability: Database Passwords Disclosed,"Hitachi Vantara Pentaho Data Integration & Analytics has a vulnerability that exposes database passwords when searching metadata fields that are injectable. This flaw affects versions prior to 10.1.0.0 and 9.3.0.8, as well as the 8.3.x series. The identification of insufficiently protected credentials can potentially lead to unauthorized access to sensitive data, demanding prompt attention and remediation to maintain the integrity and confidentiality of the information handled by the application.",Hitachi,Pentaho Data Integration & Analytics,8.5,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-12T00:15:00.000Z,0
CVE-2024-7940,https://securityvulnerability.io/vulnerability/CVE-2024-7940,Unsecured Local Only Service Exposes All Network Interfaces Without Authentication,"A significant vulnerability exists in certain Hitachi Energy products where a service designed for local access is inadvertently exposed to all network interfaces. This exposure occurs without any form of authentication, thereby enabling unauthorized users to access critical functionalities intended solely for local use. Such a breach poses serious risks to the integrity and security of the affected systems, necessitating immediate attention to mitigate potential exploitation.",Hitachi,Microscada Sys600,9.8,CRITICAL,0.000910000002477318,false,,false,false,false,,,false,false,,2024-08-27T12:52:24.601Z,0
CVE-2024-3982,https://securityvulnerability.io/vulnerability/CVE-2024-3982,Attackers Could Exploit Session Hijacking of Already Established Sessions,"A vulnerability exists in MicroSCADA X SYS600 that allows an attacker with local access to exploit an established session. By enabling the session logging, which is disabled by default except for users with administrator rights, an attacker could potentially hijack the session, leading to unauthorized actions within the system. Organizations utilizing this product should review their security configurations and consider the implications of session logging capabilities.",Hitachi,Microscada Sys600,8.2,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-08-27T12:47:21.577Z,0
CVE-2024-3980,https://securityvulnerability.io/vulnerability/CVE-2024-3980,Attacker can manipulate system files or sensitive data through setTimeout() calls,"The MicroSCADA Pro/X SYS600 product by Hitachi Energy contains a vulnerability that enables an authenticated user to input data that can control or influence file paths and names during filesystem operations. This weakness may allow attackers to access or modify critical system files, posing a significant risk to application integrity and security. Proper input validation mechanisms are essential to mitigate the exploitation of this vulnerability and ensure the protection of sensitive information.",Hitachi,Microscada Sys600,8.8,HIGH,0.0004900000058114529,false,,true,false,false,,,false,false,,2024-08-27T12:42:41.124Z,0
CVE-2024-4872,https://securityvulnerability.io/vulnerability/CVE-2024-4872,Risk of Injection Attacks Due to Lack of Persistent Data Validation,"A vulnerability has been identified in the query validation mechanism of the MicroSCADA Pro/X SYS600 product, developed by Hitachi Energy. This vulnerability allows an authenticated attacker, equipped with valid credentials, to exploit the system by injecting malicious code targeting persistent data storage. Successful exploitation of this vulnerability may compromise the integrity of the system's data and could lead to further security breaches, highlighting the significance of stringent security measures and regular software updates.",Hitachi,Microscada Sys600,8.8,HIGH,0.0005000000237487257,false,,true,false,false,,,false,false,,2024-08-27T12:37:28.958Z,0
CVE-2024-7125,https://securityvulnerability.io/vulnerability/CVE-2024-7125,Hitachi Ops Center Common Services Authentication Bypass Vulnerability,"An authentication bypass vulnerability exists in Hitachi Ops Center Common Services, allowing unauthorized users to gain access to system resources. This vulnerability affects versions from 10.9.3-00 up to, but not including, 11.0.2-01. Organizations using these versions should prioritize addressing this security flaw to mitigate potential unauthorized access and ensure secure operations.",Hitachi,Hitachi Ops Center Common Services,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-08-27T04:15:15.774Z,0
CVE-2024-5828,https://securityvulnerability.io/vulnerability/CVE-2024-5828,Hitachi Tuning Manager Injection Vulnerability Allows Code Injection,"An Expression Language Injection vulnerability exists in Hitachi Tuning Manager, which operates across Windows, Linux, and Solaris platforms. This vulnerability can allow attackers to conduct code injection attacks, compromising the integrity of the application and potentially leading to unauthorized access or manipulation of data. The affected versions prior to 8.8.7-00 demonstrate insufficient validation of user input, enabling exploitation through crafted expressions. Organizations utilizing Hitachi Tuning Manager are urged to assess their environments for this vulnerability and apply appropriate security patches to mitigate risks and protect sensitive information.",Hitachi,Hitachi Tuning Manager,9.8,CRITICAL,0.001290000043809414,false,,false,false,false,,,false,false,,2024-08-06T02:21:38.553Z,0
CVE-2024-4679,https://securityvulnerability.io/vulnerability/CVE-2024-4679,Incorrect Default Permissions vulnerability affects Hitachi JP1/Extensible SNMP Agent for Windows,The vulnerability in Hitachi's JP1/Extensible SNMP Agent for Windows allows unauthorized file manipulation due to incorrect default permissions. This issue affects a range of versions of the JP1/Extensible SNMP Agent as well as the Job Management Partner1/Extensible SNMP Agent on Windows. Users are advised to update their systems and review security configurations to mitigate potential risks associated with this vulnerability.,Hitachi,"Jp1/extensible Snmp Agent For Windows,Jp1/extensible Snmp Agent,Job Management Partner1/extensible Snmp Agent",7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-07-02T01:51:01.295Z,0
CVE-2024-28982,https://securityvulnerability.io/vulnerability/CVE-2024-28982,Pentaho Server Vulnerable to XML External Entity Reference Attack,"The vulnerability affects the Hitachi Vantara Pentaho Business Analytics Server, where an improper restriction of the ACL service endpoint enables potential exploitation through XML External Entity (XXE) reference. This flaw arises in versions prior to 10.1.0.0, 9.3.0.7, and 8.3.x, exposing users and systems to the risk of unauthorized access or data leakage. Proper security measures and updates should be implemented to mitigate this vulnerability.",Hitachi Vantara,Pentaho Business Analytics Server,8.2,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-06-26T23:15:00.000Z,0
CVE-2024-28020,https://securityvulnerability.io/vulnerability/CVE-2024-28020,Password Reuse Vulnerability in FOXMAN-UN/UNEM Application and Server Management,"A vulnerability exists in the FOXMAN-UN and UNEM applications developed by Hitachi Energy, where user/password reuse can be exploited. This flaw enables high-privileged malicious users to utilize stored passwords and login credentials through intricate routines, potentially extending their unauthorized access to the server and other associated services. Organizations utilizing these applications should assess their environments for potential exploitation pathways and implement appropriate security measures.",Hitachi,"Foxman-un,Unem",8,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-06-11T18:20:35.573Z,0
CVE-2024-28021,https://securityvulnerability.io/vulnerability/CVE-2024-28021,Vulnerability in FOXMAN-UN/UNEM Server Could Lead to Loss of Confidentiality and Integrity,"A vulnerability has been identified in the FOXMAN-UN and FOXMAN-UNEM servers related to the inadequate validation of certificates within their message queueing mechanisms. This shortcoming allows an attacker to potentially spoof a trusted entity, which can lead to significant risks, including unauthorized access to sensitive information and compromised data integrity. Organizations utilizing these products are encouraged to review their security posture and implement necessary safeguards to mitigate this vulnerability.",Hitachi,"Foxman-un,Unem",7.4,HIGH,0.000910000002477318,false,,false,false,false,,,false,false,,2024-06-11T13:30:12.765Z,0
CVE-2024-2011,https://securityvulnerability.io/vulnerability/CVE-2024-2011,Heap-Based Buffer Overflow Vulnerability in FOXMAN-UN/UNEM Could Lead to Denial of Service or Arbitrary Code Execution,"A serious heap-based buffer overflow vulnerability exists in the FOXMAN-UN and UNEM products from Hitachi Energy. This flaw, if exploited, could lead to denial of service for applications utilizing these products. Additionally, attackers could potentially execute arbitrary code, which poses a significant risk as it may operate outside the program's security policies. Special precautions are recommended to mitigate potential exploitation of this vulnerability.",Hitachi,"Foxman-un,Unem",9.8,CRITICAL,0.000910000002477318,false,,false,false,false,,,false,false,,2024-06-11T13:24:58.764Z,0
CVE-2024-2012,https://securityvulnerability.io/vulnerability/CVE-2024-2012,Unintended Command Execution Vulnerability in FOXMAN UN/UNEM Server API Gateway,"A vulnerability exists within the FOXMAN-UN/UNEM server and API Gateway that poses a significant risk if exploited. Attackers could potentially send unauthorized commands or inject harmful code into the UNEM server, compromising sensitive data integrity and confidentiality. This may enable the reading or alteration of critical information, resulting in unpredictable application behavior and serious security implications.",Hitachi,"Foxman-un,Unem",9.8,CRITICAL,0.000910000002477318,false,,true,true,true,2024-12-10T06:30:08.000Z,,false,false,,2024-06-11T13:16:29.566Z,0
CVE-2024-2013,https://securityvulnerability.io/vulnerability/CVE-2024-2013,Authentication Bypass Vulnerability Affects FOXMAN-UN/UNEM Server/API Gateway,"An authentication bypass vulnerability in the FOXMAN-UN/UNEM server and API Gateway, developed by Hitachi Energy, allows attackers to exploit the system without needing proper authentication. This vulnerability enables unauthorized interaction with the application's services, significantly widening the attack surface for post-authentication threats. It poses serious risks as it permits malicious actors to access sensitive functionalities and data that should be restricted to authenticated users, leading to potential data breaches and compromised system integrity.",Hitachi,"Foxman-un,Unem",10,CRITICAL,0.000910000002477318,false,,false,false,false,,,false,false,,2024-06-11T13:14:40.501Z,0
CVE-2024-2378,https://securityvulnerability.io/vulnerability/CVE-2024-2378,Web Authentication Component Vulnerability Could Lead to Privilege Escalation,"A vulnerability is present in the web-authentication component of the Hitachi Energy SDM600. When exploited, this flaw can allow an attacker to escalate privileges on installations utilizing this product. Proper safeguards should be implemented to mitigate these risks, and users are advised to apply any relevant security patches or updates to protect their systems.",Hitachi,Sdm600,8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-30T12:58:21.972Z,0
CVE-2024-2617,https://securityvulnerability.io/vulnerability/CVE-2024-2617,Bypass Secure Update Vulnerability in RTU500,"A vulnerability in the RTU500 series from Hitachi Energy enables authenticated and authorized users to circumvent secure firmware update mechanisms. This exploitation could allow an attacker to install unsigned firmware, potentially compromising system integrity and security. The vulnerability emphasizes the need for robust security measures to prevent unauthorized firmware modifications, especially in critical infrastructure contexts.",Hitachi,Rtu500 Series Cmu Firmware,7.2,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-30T12:57:37.143Z,0
CVE-2024-2377,https://securityvulnerability.io/vulnerability/CVE-2024-2377,Potential Privilege Escalation Vulnerability in SDM600 HTTP Response Header Settings,"The SDM600 by Hitachi Energy contains a vulnerability stemming from overly permissive settings in the HTTP response headers. This flaw allows attackers to exploit the configuration, potentially enabling them to perform unauthorized actions or access sensitive information within the server. Properly configuring the web server settings is essential to mitigate the risk associated with this vulnerability and to ensure the security of the deployed system.",Hitachi,Sdm600,7.6,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-30T12:55:20.956Z,0
CVE-2024-2493,https://securityvulnerability.io/vulnerability/CVE-2024-2493,Hitachi Ops Center Analyzer Session Hijacking Vulnerability,"A Session Hijacking vulnerability in Hitachi Ops Center Analyzer allows an attacker to potentially exploit the application's session management. Given that affected versions range from 10.0.0-00 and prior to 11.0.1-00, the vulnerability may lead to unauthorized access, potentially compromising sensitive user data and system integrity. It is crucial for users of the affected versions to apply necessary patches to mitigate the risks associated with this vulnerability.",Hitachi,Hitachi Ops Center Analyzer,7.5,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-23T05:35:57.491Z,0
CVE-2024-2097,https://securityvulnerability.io/vulnerability/CVE-2024-2097,Malicious Client Can Execute Arbitrary Code Remotely via LINQ Query,"A vulnerability exists in Hitachi Energy's SCM Server where an authenticated malicious client can exploit the system by executing specially crafted LINQ queries. This action allows the user to perform remote code execution, leading to potential manipulation of server operations and unauthorized access to sensitive information. Without proper safeguards, this vulnerability poses a significant risk to organizations using the affected SCM Server versions.",Hitachi,Mach Scm,7.5,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-03-27T02:26:17.338Z,0
CVE-2024-0400,https://securityvulnerability.io/vulnerability/CVE-2024-0400,Authenticated Remote Code Execution Vulnerability Affects SCM Server,"SCM Software, developed by Hitachi Energy, is designed for both client and server applications. This vulnerability allows an authenticated system manager client to execute LINQ queries on the SCM server for customized filtering. However, a malicious authenticated client can exploit this functionality by sending specially crafted input that bypasses validation checks, enabling the remote execution of arbitrary code on the SCM server. This instance of remote code execution (RCE) poses a significant risk, as it grants attackers the ability to execute any command on the server, potentially compromising the entire system.",Hitachi,Mach Scm,7.5,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-03-27T02:03:57.253Z,0
CVE-2024-1531,https://securityvulnerability.io/vulnerability/CVE-2024-1531,Vulnerability in stb-language file handling affects RTU500 series products,"A vulnerability in the stb-language file handling within Hitachi Energy's RTU500 series products poses a risk where a malicious actor can exploit the system by uploading a specially crafted stb-language file. This action may result in the unauthorized printing of random memory content into the RTU500 system log, potentially exposing sensitive information. Users of the affected RTU500 series versions are advised to remain vigilant and consider applying necessary security measures to mitigate this risk.",Hitachi,Rtu500 Series Cmu Firmware,8.2,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-03-27T01:45:44.463Z,0
CVE-2022-36407,https://securityvulnerability.io/vulnerability/CVE-2022-36407,Information Exposure Vulnerability in Hitachi Disk Array Systems,"An insertion of sensitive information into log files vulnerability exists in various models of Hitachi Virtual Storage Platform products. This vulnerability allows local users to gain access to sensitive information, potentially compromising the security of data stored within the system. Several versions of the Hitachi Virtual Storage Platform, VP9500, G1000, G1500, F1500, and other models, are affected, leading to risks associated with unauthorized data exposure. Users are advised to check their systems against the provided version thresholds to ensure they are using secure configurations.",Hitachi,"Hitachi Virtual Storage Platform,Hitachi Virtual Storage Platform Vp9500,Hitachi Virtual Storage Platform G1000, G1500,Hitachi Virtual Storage Platform F1500,Hitachi Virtual Storage Platform 5100, 5500, 5100h, 5500h,Hitachi Virtual Storage Platform 5200, 5600, 5200h, 5600h,Hitachi Unified Storage Vm,Hitachi Virtual Storage Platform G100, G200, G400, G600, G800,Hitachi Virtual Storage Platform F400, F600, F800,Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900,Hitachi Virtual Storage Platform F350, F370, F700, F900,Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390h, E590h, E790h, E1090h",9.9,CRITICAL,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-03-25T05:55:36.386Z,0