CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41153
https://notcve.org/view.php?id=CVE-2024-41153
29 Oct 2024 — Command injection vulnerability in the Edge Computing UI for the TRO600 series radios that allows for the execution of arbitrary system commands. If exploited, an attacker with write access to the web UI can execute commands on the device with root privileges, far more extensive than what the write privilege intends. Command injection vulnerability in the Edge Computing UI for the TRO600 series radios that allows for the execution of arbitrary system commands. If exploited, an attacker with write access to ... • https://publisher.hitachienergy.com/preview?DocumentID=8DBD000147&LanguageCode=en&DocumentPartId=&Action=launch • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7941
https://notcve.org/view.php?id=CVE-2024-7941
27 Aug 2024 — An HTTP parameter may contain a URL value and could cause the web application to redirect the request to the specified URL. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. An HTTP parameter may contain a URL value and could cause the web application to redirect the request to the specified URL. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. • https://publisher.hitachienergy.com/preview?DocumentID=8DBD000160&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7940
https://notcve.org/view.php?id=CVE-2024-7940
27 Aug 2024 — The product exposes a service that is intended for local only to all network interfaces without any authentication. The product exposes a service that is intended for local only to all network interfaces without any authentication. • https://publisher.hitachienergy.com/preview?DocumentID=8DBD000160&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-306: Missing Authentication for Critical Function •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3982
https://notcve.org/view.php?id=CVE-2024-3982
27 Aug 2024 — An attacker with local access to machine where MicroSCADA X SYS600 is installed, could enable the session logging supporting the product and try to exploit a session hijacking of an already established session. By default, the session logging level is not enabled and only users with administrator rights can enable it. An attacker with local access to machine where MicroSCADA X SYS600 is installed, could enable the session logging supporting the product and try to exploit a session hijacking of an already es... • https://publisher.hitachienergy.com/preview?DocumentID=8DBD000160&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-294: Authentication Bypass by Capture-replay •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3980
https://notcve.org/view.php?id=CVE-2024-3980
27 Aug 2024 — The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names that are used in filesystem operations. If exploited the vulnerability allows the attacker to access or modify system files or other files that are critical to the application. The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names that are used in filesystem operations. If exploited the vulnerability allows the attacker to access or m... • https://publisher.hitachienergy.com/preview?DocumentID=8DBD000160&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4872
https://notcve.org/view.php?id=CVE-2024-4872
27 Aug 2024 — A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. If exploited this could allow an authenticated attacker to inject code towards persistent data. Note that to successfully exploit this vulnerability an attacker must have a valid credential. A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. If exploited this could allow an authenticated attacker to inject code towards persistent data. • https://publisher.hitachienergy.com/preview?DocumentID=8DBD000160&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-943: Improper Neutralization of Special Elements in Data Query Logic •
CVSS: 4.1EPSS: 0%CPEs: 4EXPL: 0CVE-2024-28024
https://notcve.org/view.php?id=CVE-2024-28024
11 Jun 2024 — A vulnerability exists in the FOXMAN-UN/UNEM in which sensitive information is stored in cleartext within a resource that might be accessible to another control sphere. Existe una vulnerabilidad en FOXMAN-UN/UNEM en la que información confidencial se almacena en texto plano dentro de un recurso que podría ser accesible a otra esfera de control. • https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194&languageCode=en&Preview=true • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-28022
https://notcve.org/view.php?id=CVE-2024-28022
11 Jun 2024 — A vulnerability exists in the FOXMAN-UN/UNEM server / APIGateway that if exploited allows a malicious user to perform an arbitrary number of authentication attempts using different passwords, and eventually gain access to the targeted account. Existe una vulnerabilidad en el servidor/APIGateway de FOXMAN-UN/UNEM que, si se explota, permite a un usuario malintencionado realizar un número arbitrario de intentos de autenticación utilizando diferentes contraseñas y, finalmente, obtener acceso a la cuenta objeti... • https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194&languageCode=en&Preview=true • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2024-2011
https://notcve.org/view.php?id=CVE-2024-2011
11 Jun 2024 — A heap-based buffer overflow vulnerability exists in the FOXMAN-UN/UNEM that if exploited will generally lead to a denial of service but can be used to execute arbitrary code, which is usually outside the scope of a program's implicit security policy Existe una vulnerabilidad de desbordamiento de búfer basada en montón en FOXMAN-UN/UNEM que, si se explota, generalmente conducirá a una denegación de servicio, pero puede usarse para ejecutar código arbitrario, lo que generalmente está fuera del alcance de la ... • https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194&languageCode=en&Preview=true • CWE-122: Heap-based Buffer Overflow •
CVSS: 9.1EPSS: 0%CPEs: 6EXPL: 0CVE-2024-2462
https://notcve.org/view.php?id=CVE-2024-2462
11 Jun 2024 — Allow attackers to intercept or falsify data exchanges between the client and the server Permitir a los atacantes interceptar o falsificar los intercambios de datos entre el cliente y el servidor. • https://publisher.hitachienergy.com/preview?DocumentId=8DBD000198&languageCode=en&Preview=true • CWE-297: Improper Validation of Certificate with Host Mismatch •