cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-2378,https://securityvulnerability.io/vulnerability/CVE-2024-2378,Web Authentication Component Vulnerability Could Lead to Privilege Escalation,"A vulnerability is present in the web-authentication component of the Hitachi Energy SDM600. When exploited, this flaw can allow an attacker to escalate privileges on installations utilizing this product. Proper safeguards should be implemented to mitigate these risks, and users are advised to apply any relevant security patches or updates to protect their systems.",Hitachi,Sdm600,8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-30T12:58:21.972Z,0
CVE-2024-2377,https://securityvulnerability.io/vulnerability/CVE-2024-2377,Potential Privilege Escalation Vulnerability in SDM600 HTTP Response Header Settings,"The SDM600 by Hitachi Energy contains a vulnerability stemming from overly permissive settings in the HTTP response headers. This flaw allows attackers to exploit the configuration, potentially enabling them to perform unauthorized actions or access sensitive information within the server. Properly configuring the web server settings is essential to mitigate the risk associated with this vulnerability and to ensure the security of the deployed system.",Hitachi,Sdm600,7.6,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-30T12:55:20.956Z,0
CVE-2022-3685,https://securityvulnerability.io/vulnerability/CVE-2022-3685,SDM600 software privilege level,"A privilege escalation vulnerability exists in Hitachi Energy's SDM600 software, which operates at a higher privilege level than necessary. An attacker can exploit this flaw to gain elevated access within the system. This vulnerability impacts all versions prior to 1.3.0, allowing unauthorized actions in sensitive areas of the software environment. It is crucial for users to upgrade to the latest version to mitigate potential risks.",Hitachi,Sdm600,7.5,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2023-03-28T13:00:13.800Z,0
CVE-2022-3686,https://securityvulnerability.io/vulnerability/CVE-2022-3686,SDM600 API permission check,"A vulnerability exists in a SDM600 endpoint. An attacker could exploit this vulnerability by running multiple parallel requests, the SDM600 web services become busy rendering the application unresponsive. This issue affects: All SDM600 versions prior to version 1.2 FP3 HF4 (Build Nr. 1.2.23000.291) List of CPEs: * cpe:2.3:a:hitachienergy:sdm600:1.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.1:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.9002.257:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.10002.257:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.11002.149:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.12002.222:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.13002.72:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.44:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.92:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.108:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.182:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.257:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.342:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.447:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.481:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.506:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.566:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.20000.3174:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.291:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.931:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.105:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.23000.291:*:*:*:*:*:*:*",Hitachi,Sdm600,4.8,MEDIUM,0.0015200000489130616,false,,false,false,false,,,false,false,,2023-03-28T12:57:11.113Z,0
CVE-2022-3684,https://securityvulnerability.io/vulnerability/CVE-2022-3684,SDM600 endpoint vulnerability,"A denial of service vulnerability has been identified in the SDM600 endpoint by Hitachi Energy. The exploit occurs when an attacker sends multiple parallel requests, causing the SDM600 web services to become overburdened and eventually unresponsive. This vulnerability affects all SDM600 versions prior to version 1.2 FP3 HF4 (Build Nr. 1.2.23000.291). It is crucial for organizations using these systems to evaluate their security posture and apply the necessary updates to mitigate potential disruptions.",Hitachi,Sdm600,7.5,HIGH,0.0008900000248104334,false,,false,false,false,,,false,false,,2023-03-28T12:49:36.714Z,0
CVE-2022-3683,https://securityvulnerability.io/vulnerability/CVE-2022-3683,SDM600 API web services authorization validation,"A significant vulnerability exists within the authorization validation of Hitachi Energy's SDM600 API web services. This flaw allows attackers to gain unauthorized access to sensitive data stored in data stores that lack sufficient protection. By exploiting this weakness, an attacker can potentially read critical data, leading to serious security risks. This affects all versions of SDM600 prior to version 1.2 FP3 HF4 (Build Nr. 1.2.23000.291), requiring immediate attention for those using affected versions.",Hitachi,Sdm600,7.7,HIGH,0.001500000013038516,false,,false,false,false,,,false,false,,2023-03-28T12:28:37.543Z,0
CVE-2022-3682,https://securityvulnerability.io/vulnerability/CVE-2022-3682,SDM600 file permission validation,"A vulnerability in the Hitachi Energy SDM600 product exists due to inadequate file permission validation. Attackers can exploit this flaw by uploading specially crafted messages to the system, potentially leading to arbitrary code execution. This issue can affect all versions of SDM600 prior to the secured revision 1.2 FP3 HF4 (Build Nr. 1.2.23000.291). Users are advised to update to the latest version to mitigate risks associated with this vulnerability.",Hitachi,Sdm600,9.9,CRITICAL,0.0010400000028312206,false,,false,false,false,,,false,false,,2023-03-28T11:36:37.421Z,0
CVE-2021-35526,https://securityvulnerability.io/vulnerability/CVE-2021-35526,Storage of Sensitive Information Vulnerability in Hitachi ABB Power Grids System Data Manager – SDM600 Product,Backup file without encryption vulnerability is found in Hitachi ABB Power Grids System Data Manager – SDM600 allows attacker to gain access to sensitive information. This issue affects: Hitachi ABB Power Grids System Data Manager – SDM600 1.2 versions prior to FP2 HF6 (Build Nr. 1.2.14002.257).,Hitachi Abb Power Grids,System Data Manager – Sdm600,6.3,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2021-08-31T00:00:00.000Z,0