CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7941
https://notcve.org/view.php?id=CVE-2024-7941
An HTTP parameter may contain a URL value and could cause the web application to redirect the request to the specified URL. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. • https://publisher.hitachienergy.com/preview?DocumentID=8DBD000160&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7940
https://notcve.org/view.php?id=CVE-2024-7940
The product exposes a service that is intended for local only to all network interfaces without any authentication. • https://publisher.hitachienergy.com/preview?DocumentID=8DBD000160&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-306: Missing Authentication for Critical Function •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3982
https://notcve.org/view.php?id=CVE-2024-3982
An attacker with local access to machine where MicroSCADA X SYS600 is installed, could enable the session logging supporting the product and try to exploit a session hijacking of an already established session. By default, the session logging level is not enabled and only users with administrator rights can enable it. • https://publisher.hitachienergy.com/preview?DocumentID=8DBD000160&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-294: Authentication Bypass by Capture-replay •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3980
https://notcve.org/view.php?id=CVE-2024-3980
The product allows user input to control or influence paths or file names that are used in filesystem operations, allowing the attacker to access or modify system files or other files that are critical to the application. • https://publisher.hitachienergy.com/preview?DocumentID=8DBD000160&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4872
https://notcve.org/view.php?id=CVE-2024-4872
The product does not validate any query towards persistent data, resulting in a risk of injection attacks. • https://publisher.hitachienergy.com/preview?DocumentID=8DBD000160&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-943: Improper Neutralization of Special Elements in Data Query Logic •