cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-10205,https://securityvulnerability.io/vulnerability/CVE-2024-10205,Severe Authentication Bypass Vulnerability in Hitachi's Ops Center Analyzer and Infrastructure Analytics Advisor,"CVE-2024-10205 is a critical authentication bypass vulnerability identified in Hitachi's Ops Center Analyzer and Infrastructure Analytics Advisor software, primarily affecting Linux 64-bit versions. This vulnerability allows unauthorized access to sensitive components of both applications, potentially leading to data compromise and increased risk of malicious activity. Users of affected versions should apply security patches and consult the provided reference for mitigation measures.",Hitachi,"Hitachi Ops Center Analyzer,Hitachi Infrastructure Analytics Advisor",9.4,CRITICAL,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-17T02:15:00.000Z,0
CVE-2024-45068,https://securityvulnerability.io/vulnerability/CVE-2024-45068,Hitachi Ops Center Common Services Authentication Credentials Leakage Vulnerability,"An authentication credentials leakage vulnerability has been identified in Hitachi Ops Center Common Services and the associated OVA deployment. This vulnerability allows unauthorized access to sensitive information, potentially compromising system security. Users operating versions of Hitachi Ops Center Common Services from 10.9.3-00 before 11.0.3-00 and those utilizing Hitachi Ops Center OVA from 10.9.3-00 before 11.0.2-01 are particularly at risk.
It is crucial for administrators to assess their systems and apply the necessary updates to mitigate potential threats.",Hitachi,"Hitachi Ops Center Common Services,Hitachi Ops Center Ova",7.1,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-03T02:32:03.225Z,0
CVE-2024-9929,https://securityvulnerability.io/vulnerability/CVE-2024-9929,Authentication Bypass Vulnerability in NSD570 by Hitachi Energy,"In Hitachi Energy's NSD570, an authentication bypass vulnerability allows any authenticated user to view all device logs. This exposure includes sensitive login information along with their timestamps, creating a significant risk of unauthorized access to confidential data.",Hitachi Energy,NSD570,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-26T14:15:00.000Z,0
CVE-2024-41156,https://securityvulnerability.io/vulnerability/CVE-2024-41156,Sensitivity of Profile File Handling in Tropos Radios from Hitachi Energy,"The vulnerability concerns profile files associated with the TRO600 series radios from Hitachi Energy, which can be extracted in both plain-text and encrypted formats. These profile files contain critical configuration details about the Tropos network that could be leveraged by potential attackers. Although only authenticated users with elevated privileges can export these files, the risk lies in the potential for unauthorized access if security measures are not robustly implemented.
Implementing strong data protection protocols is essential to prevent leakage of sensitive information.",Hitachi,Tro610 Firmware,2.7,LOW,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-10-29T13:15:00.000Z,0
CVE-2024-41153,https://securityvulnerability.io/vulnerability/CVE-2024-41153,Command Injection Vulnerability in Hitachi Energy TRO600 Series Radios,"A command injection vulnerability exists in the Edge Computing user interface of the TRO600 series radios from Hitachi Energy, which can be exploited by an attacker with write access to the web UI. This weakness allows the execution of arbitrary system commands with root privileges, exposing the device to substantial risk beyond the intended scope of write privileges. The implications of this vulnerability necessitate immediate attention to safeguard against potential exploitation.",Hitachi,Tro610 Firmware,7.2,HIGH,0.0004900000058114529,false,,false,false,false,,,false,false,,2024-10-29T13:15:00.000Z,0
CVE-2024-28981,https://securityvulnerability.io/vulnerability/CVE-2024-28981,Pentaho Data Integration & Analytics Vulnerability: Database Passwords Disclosed,"Hitachi Vantara Pentaho Data Integration & Analytics has a vulnerability that exposes database passwords when searching metadata fields that are injectable. This flaw affects versions prior to 10.1.0.0 and 9.3.0.8, as well as the 8.3.x series.
The identification of insufficiently protected credentials can potentially lead to unauthorized access to sensitive data, demanding prompt attention and remediation to maintain the integrity and confidentiality of the information handled by the application.",Hitachi,Pentaho Data Integration & Analytics,8.5,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-12T00:15:00.000Z,0
CVE-2024-7941,https://securityvulnerability.io/vulnerability/CVE-2024-7941,Malicious Redirection Vulnerability,"A vulnerability exists within the web application of Hitachi Energy products, where an HTTP parameter containing a URL may be exploited. An attacker can manipulate this parameter to redirect users to a malicious site. This redirection poses a significant risk as it can lead to phishing scams, ultimately enabling attackers to harvest user credentials and sensitive information unsuspecting users might enter. Proper validation and sanitization of URL parameters are crucial to mitigate these risks and protect users from potential attacks.",Hitachi,Microscada Sys600,4.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-08-27T12:57:55.044Z,0
CVE-2024-7940,https://securityvulnerability.io/vulnerability/CVE-2024-7940,Unsecured Local Only Service Exposes All Network Interfaces Without Authentication,"A significant vulnerability exists in certain Hitachi Energy products where a service designed for local access is inadvertently exposed to all network interfaces. This exposure occurs without any form of authentication, thereby enabling unauthorized users to access critical functionalities intended solely for local use.
Such a breach poses serious risks to the integrity and security of the affected systems, necessitating immediate attention to mitigate potential exploitation.",Hitachi,Microscada Sys600,9.8,CRITICAL,0.000910000002477318,false,,false,false,false,,,false,false,,2024-08-27T12:52:24.601Z,0
CVE-2024-3982,https://securityvulnerability.io/vulnerability/CVE-2024-3982,Attackers Could Exploit Session Hijacking of Already Established Sessions,"A vulnerability exists in MicroSCADA X SYS600 that allows an attacker with local access to exploit an established session. By enabling the session logging, which is disabled by default except for users with administrator rights, an attacker could potentially hijack the session, leading to unauthorized actions within the system. Organizations utilizing this product should review their security configurations and consider the implications of session logging capabilities.",Hitachi,Microscada Sys600,8.2,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-08-27T12:47:21.577Z,0
CVE-2024-3980,https://securityvulnerability.io/vulnerability/CVE-2024-3980,Attacker can manipulate system files or sensitive data through setTimeout() calls,"The MicroSCADA Pro/X SYS600 product by Hitachi Energy contains a vulnerability that enables an authenticated user to input data that can control or influence file paths and names during filesystem operations. This weakness may allow attackers to access or modify critical system files, posing a significant risk to application integrity and security.
Proper input validation mechanisms are essential to mitigate the exploitation of this vulnerability and ensure the protection of sensitive information.",Hitachi,Microscada Sys600,8.8,HIGH,0.0004900000058114529,false,,true,false,false,,,false,false,,2024-08-27T12:42:41.124Z,0
CVE-2024-4872,https://securityvulnerability.io/vulnerability/CVE-2024-4872,Risk of Injection Attacks Due to Lack of Persistent Data Validation,"A vulnerability has been identified in the query validation mechanism of the MicroSCADA Pro/X SYS600 product, developed by Hitachi Energy. This vulnerability allows an authenticated attacker, equipped with valid credentials, to exploit the system by injecting malicious code targeting persistent data storage. Successful exploitation of this vulnerability may compromise the integrity of the system's data and could lead to further security breaches, highlighting the significance of stringent security measures and regular software updates.",Hitachi,Microscada Sys600,8.8,HIGH,0.0005000000237487257,false,,true,false,false,,,false,false,,2024-08-27T12:37:28.958Z,0
CVE-2024-7125,https://securityvulnerability.io/vulnerability/CVE-2024-7125,Hitachi Ops Center Common Services Authentication Bypass Vulnerability,"An authentication bypass vulnerability exists in Hitachi Ops Center Common Services, allowing unauthorized users to gain access to system resources. This vulnerability affects versions from 10.9.3-00 up to, but not including, 11.0.2-01.
Organizations using these versions should prioritize addressing this security flaw to mitigate potential unauthorized access and ensure secure operations.",Hitachi,Hitachi Ops Center Common Services,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-08-27T04:15:15.774Z,0
CVE-2024-5828,https://securityvulnerability.io/vulnerability/CVE-2024-5828,Hitachi Tuning Manager Injection Vulnerability Allows Code Injection,"An Expression Language Injection vulnerability exists in Hitachi Tuning Manager, which operates across Windows, Linux, and Solaris platforms. This vulnerability can allow attackers to conduct code injection attacks, compromising the integrity of the application and potentially leading to unauthorized access or manipulation of data. The affected versions prior to 8.8.7-00 demonstrate insufficient validation of user input, enabling exploitation through crafted expressions. Organizations utilizing Hitachi Tuning Manager are urged to assess their environments for this vulnerability and apply appropriate security patches to mitigate risks and protect sensitive information.",Hitachi,Hitachi Tuning Manager,9.8,CRITICAL,0.001290000043809414,false,,false,false,false,,,false,false,,2024-08-06T02:21:38.553Z,0
CVE-2024-5963,https://securityvulnerability.io/vulnerability/CVE-2024-5963,Unquoted Executable Path Vulnerability Affects Hitachi Device Manager on Windows,Unquoted Executable Path vulnerability in Hitachi Device Manager on Windows (Device Manager Server component). This issue affects Hitachi Device Manager: before 8.8.7-00.,Hitachi,Hitachi Device Manager,6.7,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-08-06T02:19:41.244Z,0
CVE-2024-2819,https://securityvulnerability.io/vulnerability/CVE-2024-2819,Incorrect Default Permissions Could Lead to File Manipulation,"Incorrect Default Permissions, Improper Preservation of Permissions vulnerability in Hitachi Ops Center Common Services allows File Manipulation. This issue affects Hitachi Ops Center Common Services: before 11.0.2-00.",Hitachi,Hitachi Ops Center Common Services,6.5,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-07-02T01:53:44.982Z,0
CVE-2024-4679,https://securityvulnerability.io/vulnerability/CVE-2024-4679,Incorrect Default Permissions vulnerability affects Hitachi JP1/Extensible SNMP Agent for Windows,The vulnerability in Hitachi's JP1/Extensible SNMP Agent for Windows allows unauthorized file manipulation due to incorrect default permissions. This issue affects a range of versions of the JP1/Extensible SNMP Agent as well as the Job Management Partner1/Extensible SNMP Agent on Windows. Users are advised to update their systems and review security configurations to mitigate potential risks associated with this vulnerability.,Hitachi,"Jp1/extensible Snmp Agent For Windows,Jp1/extensible Snmp Agent,Job Management Partner1/extensible Snmp Agent",7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-07-02T01:51:01.295Z,0
CVE-2024-28984,https://securityvulnerability.io/vulnerability/CVE-2024-28984,Pentaho Server Vulnerable to URL Injection Attacks,"Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.1.0.0 and 9.3.0.7, including 8.3.x allow a malicious URL to inject content into the Analyzer plugin interface.",Hitachi Vantara,Pentaho Business Analytics Server,6.1,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-06-26T23:15:00.000Z,0
CVE-2024-28983,https://securityvulnerability.io/vulnerability/CVE-2024-28983,Pentaho Server Vulnerable to URL Injection Attacks,"Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.1.0.0 and 9.3.0.7, including 8.3.x allow a malicious URL to inject content into the Analyzer plugin interface.",Hitachi Vantara,Business Analytics Server,6.1,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-06-26T23:15:00.000Z,0
CVE-2024-28982,https://securityvulnerability.io/vulnerability/CVE-2024-28982,Pentaho Server Vulnerable to XML External Entity Reference Attack,"The vulnerability affects the Hitachi Vantara Pentaho Business Analytics Server, where an improper restriction of the ACL service endpoint enables potential exploitation through XML External Entity (XXE) reference. This flaw arises in versions prior to 10.1.0.0, 9.3.0.7, and 8.3.x, exposing users and systems to the risk of unauthorized access or data leakage. Proper security measures and updates should be implemented to mitigate this vulnerability.",Hitachi Vantara,Pentaho Business Analytics Server,8.2,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-06-26T23:15:00.000Z,0
CVE-2024-22385,https://securityvulnerability.io/vulnerability/CVE-2024-22385,Local Users Can Read and Write Specific Files Due to Incorrect Default Permissions,Incorrect Default Permissions vulnerability in Hitachi Storage Provider for VMware vCenter allows local users to read and write specific files. This issue affects Hitachi Storage Provider for VMware vCenter: from 3.1.0 before 3.7.4.,Hitachi,Hitachi Storage Provider For Vmware Vcenter,4.4,MEDIUM,0.0004299999854993075,false,,true,false,false,,,false,false,,2024-06-25T01:34:24.077Z,0
CVE-2024-28020,https://securityvulnerability.io/vulnerability/CVE-2024-28020,Password Reuse Vulnerability in FOXMAN-UN/UNEM Application and Server Management,"A vulnerability exists in the FOXMAN-UN and UNEM applications developed by Hitachi Energy, where user/password reuse can be exploited. This flaw enables high-privileged malicious users to utilize stored passwords and login credentials through intricate routines, potentially extending their unauthorized access to the server and other associated services.
Organizations utilizing these applications should assess their environments for potential exploitation pathways and implement appropriate security measures.",Hitachi,"Foxman-un,Unem",8,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-06-11T18:20:35.573Z,0
CVE-2024-28024,https://securityvulnerability.io/vulnerability/CVE-2024-28024,Vulnerability in FOXMAN-UN/UNEM Exposes Sensitive Information to Unauthorized Access,"A vulnerability exists in the FOXMAN-UN/UNEM in which sensitive information is stored in cleartext within a resource that might be accessible to another control sphere.",Hitachi,"Foxman-un,Unem",4.1,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-06-11T18:17:54.877Z,0
CVE-2024-28022,https://securityvulnerability.io/vulnerability/CVE-2024-28022,Arbitrary Authentication Attempts Vulnerability,"A vulnerability exists in the FOXMAN-UN/UNEM server / APIGateway that if exploited allows a malicious user to perform an arbitrary number of authentication attempts using different passwords, and eventually gain access to the targeted account.",Hitachi,"Foxman-un,Unem",6.5,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-06-11T18:15:42.349Z,0
CVE-2024-28023,https://securityvulnerability.io/vulnerability/CVE-2024-28023,Unintended Actors May Access Sensitive Information or Execute Arbitrary Code via Vulnerability in Message Queueing Mechanism,"A vulnerability exists in the message queueing mechanism that if exploited can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or even execute arbitrary code.",Hitachi,"Foxman-un,Unem",5.7,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-06-11T13:55:56.127Z,0
CVE-2024-28021,https://securityvulnerability.io/vulnerability/CVE-2024-28021,Vulnerability in FOXMAN-UN/UNEM Server Could Lead to Loss of Confidentiality and Integrity,"A vulnerability has been identified in the FOXMAN-UN and FOXMAN-UNEM servers related to the inadequate validation of certificates within their message queueing mechanisms. This shortcoming allows an attacker to potentially spoof a trusted entity, which can lead to significant risks, including unauthorized access to sensitive information and compromised data integrity. Organizations utilizing these products are encouraged to review their security posture and implement necessary safeguards to mitigate this vulnerability.",Hitachi,"Foxman-un,Unem",7.4,HIGH,0.000910000002477318,false,,false,false,false,,,false,false,,2024-06-11T13:30:12.765Z,0