CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-39204
https://notcve.org/view.php?id=CVE-2025-39204
24 Jun 2025 — A vulnerability exists in the Web interface of the MicroSCADA X SYS600 product. The filtering query in the Web interface can be malformed, so returning data can leak unauthorized information to the user. • https://publisher.hitachienergy.com/preview?DocumentID=8DBD000218&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-39203
https://notcve.org/view.php?id=CVE-2025-39203
24 Jun 2025 — A vulnerability exists in the IEC 61850 of the MicroSCADA X SYS600 product. An IEC 61850-8 crafted message content from IED or remote system can cause a denial of service resulting in disconnection loop. • https://publisher.hitachienergy.com/preview?DocumentID=8DBD000218&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-354: Improper Validation of Integrity Check Value •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-39202
https://notcve.org/view.php?id=CVE-2025-39202
24 Jun 2025 — A vulnerability exists in in the Monitor Pro interface of the MicroSCADA X SYS600 product. An authenticated user with low privileges can see and overwrite files causing information leak and data corruption. • https://publisher.hitachienergy.com/preview?DocumentID=8DBD000218&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-269: Improper Privilege Management •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2025-39201
https://notcve.org/view.php?id=CVE-2025-39201
24 Jun 2025 — A vulnerability exists in MicroSCADA X SYS600 product. If exploited this could allow a local unauthenticated attacker to tamper a system file, making denial of Notify service. • https://publisher.hitachienergy.com/preview?DocumentID=8DBD000218&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-276: Incorrect Default Permissions •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2403
https://notcve.org/view.php?id=CVE-2025-2403
24 Jun 2025 — A denial-of-service vulnerability due to improper prioritization of network traffic over protection mechanism exists in Relion 670/650 and SAM600-IO series device that if exploited could potentially cause critical functions like LDCM (Line Distance Communication Module) to malfunction. • https://publisher.hitachienergy.com/preview?DocumentID=8DBD000216&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 1CVE-2025-1718
https://notcve.org/view.php?id=CVE-2025-1718
24 Jun 2025 — An authenticated user with file access privilege via FTP access can cause the Relion 670/650 and SAM600-IO series device to reboot due to improper disk space management. • https://github.com/issamjr/CVE-2025-1718-Scanner • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-2500
https://notcve.org/view.php?id=CVE-2025-2500
30 May 2025 — A vulnerability exists in the SOAP Web services of the Asset Suite versions listed below. If successfully exploited, an attacker could gain unauthorized access to the product and the time window of a possible password attack could be expanded. • https://publisher.hitachienergy.com/preview?DocumentID=8DBD000212&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-256: Plaintext Storage of a Password •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1484
https://notcve.org/view.php?id=CVE-2025-1484
30 May 2025 — A vulnerability exists in the media upload component of the Asset Suite versions listed below. If successfully exploited an attacker could impact the confidentiality or integrity of the system. An attacker can use this vulnerability to construct a request that will cause JavaScript code supplied by the attacker to execute within the user’s browser in the context of that user’s session with the application. • https://publisher.hitachienergy.com/preview?DocumentID=8DBD000212&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-184: Incomplete List of Disallowed Inputs •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-27631
https://notcve.org/view.php?id=CVE-2025-27631
25 Mar 2025 — The TRMTracker web application is vulnerable to LDAP injection attack potentially allowing an attacker to inject code into a query and execute remote commands that can read and update data on the website. • https://publisher.hitachienergy.com/preview?DocumentID=8DBD000210&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2025-27633
https://notcve.org/view.php?id=CVE-2025-27633
25 Mar 2025 — The TRMTracker web application is vulnerable to reflected Cross-site scripting attack. The application allows client-side code injection that might be used to compromise the confidentiality and integrity of the system. • https://publisher.hitachienergy.com/preview?DocumentID=8DBD000210&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •