Hitachienergy

Microscada X Sys600

16 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.5

CVE-2025-39204

  • EPSS 0.05%
  • Veröffentlicht 24.06.2025 12:15:21
  • Zuletzt bearbeitet 26.01.2026 18:42:02

A vulnerability exists in the Web interface of the MicroSCADA X SYS600 product. The filtering query in the Web interface can be malformed, so returning data can leak unauthorized information to the user.

7.1

CVE-2025-39205

  • EPSS 0.03%
  • Veröffentlicht 24.06.2025 12:13:20
  • Zuletzt bearbeitet 30.01.2026 18:36:38

A vulnerability exists in the IEC 61850 in MicroSCADA X SYS600 product. The certificate validation of the TLS protocol allows remote Man-in-the-Middle attack due to missing proper validation.

7.1

CVE-2025-39203

  • EPSS 0.05%
  • Veröffentlicht 24.06.2025 11:57:04
  • Zuletzt bearbeitet 26.01.2026 18:45:18

A vulnerability exists in the IEC 61850 of the MicroSCADA X SYS600 product. An IEC 61850-8 crafted message content from IED or remote system can cause a denial of service resulting in disconnection loop.

8.1

CVE-2025-39202

  • EPSS 0.03%
  • Veröffentlicht 24.06.2025 11:51:58
  • Zuletzt bearbeitet 26.01.2026 18:52:01

A vulnerability exists in in the Monitor Pro interface of the MicroSCADA X SYS600 product. An authenticated user with low privileges can see and overwrite files causing information leak and data corruption.

6.1

CVE-2025-39201

  • EPSS 0.05%
  • Veröffentlicht 24.06.2025 11:46:11
  • Zuletzt bearbeitet 26.01.2026 18:56:36

A vulnerability exists in MicroSCADA X SYS600 product. If exploited this could allow a local unauthenticated attacker to tamper a system file, making denial of Notify service.

9.8

CVE-2024-7940

  • EPSS 0.62%
  • Veröffentlicht 27.08.2024 13:15:06
  • Zuletzt bearbeitet 28.08.2024 16:24:07

The product exposes a service that is intended for local only to all network interfaces without any authentication.

4.3

CVE-2024-7941

  • EPSS 0.33%
  • Veröffentlicht 27.08.2024 13:15:06
  • Zuletzt bearbeitet 30.10.2024 15:29:26

An HTTP parameter may contain a URL value and could cause the web application to redirect the request to the specified URL. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials...

8.8

CVE-2024-3980

  • EPSS 0.65%
  • Veröffentlicht 27.08.2024 13:15:05
  • Zuletzt bearbeitet 30.10.2024 15:33:12

The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names that are used in filesystem operations. If exploited the vulnerability allows the attacker to access or modify system files or other fi...

8.2

CVE-2024-3982

  • EPSS 0.06%
  • Veröffentlicht 27.08.2024 13:15:05
  • Zuletzt bearbeitet 30.10.2024 15:32:23

An attacker with local access to machine where MicroSCADA X SYS600 is installed, could enable the session logging supporting the product and try to exploit a session hijacking of an already established session. By default, the session logging level i...

8.8

CVE-2024-4872

  • EPSS 0.5%
  • Veröffentlicht 27.08.2024 13:15:05
  • Zuletzt bearbeitet 30.10.2024 15:31:41

A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. If exploited this could allow an authenticated attacker to inject code towards persistent data. Note that to successfully exploit this vulnerability an attacker mu...