CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9928
https://notcve.org/view.php?id=CVE-2024-9928
26 Nov 2024 — A vulnerability exists in NSD570 login panel that does not restrict excessive authentication attempts. If exploited, this could cause account takeover and unauthorized access to the system when an attacker conducts brute-force attacks against the equipment login. Note that the system supports only one concurrent session and implements a delay of more than a second between failed login attempts making it difficult to automate the attacks. A vulnerability exists in NSD570 login panel that does not restrict ex... • https://publisher.hitachienergy.com/preview?DocumentID=8DBD000173&LanguageCode=en&DocumentPartId=&Action=launch • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41156
https://notcve.org/view.php?id=CVE-2024-41156
29 Oct 2024 — Profile files from TRO600 series radios are extracted in plain-text and encrypted file formats. Profile files provide potential attackers valuable configuration information about the Tropos network. Profiles can only be exported by authenticated users with write access. Profile files from TRO600 series radios are extracted in plain-text and encrypted file formats. Profile files provide potential attackers valuable configuration information about the Tropos network. • https://publisher.hitachienergy.com/preview?DocumentID=8DBD000147&LanguageCode=en&DocumentPartId=&Action=launch • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41153
https://notcve.org/view.php?id=CVE-2024-41153
29 Oct 2024 — Command injection vulnerability in the Edge Computing UI for the TRO600 series radios that allows for the execution of arbitrary system commands. If exploited, an attacker with write access to the web UI can execute commands on the device with root privileges, far more extensive than what the write privilege intends. Command injection vulnerability in the Edge Computing UI for the TRO600 series radios that allows for the execution of arbitrary system commands. If exploited, an attacker with write access to ... • https://publisher.hitachienergy.com/preview?DocumentID=8DBD000147&LanguageCode=en&DocumentPartId=&Action=launch • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7941
https://notcve.org/view.php?id=CVE-2024-7941
27 Aug 2024 — An HTTP parameter may contain a URL value and could cause the web application to redirect the request to the specified URL. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. An HTTP parameter may contain a URL value and could cause the web application to redirect the request to the specified URL. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. • https://publisher.hitachienergy.com/preview?DocumentID=8DBD000160&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7940
https://notcve.org/view.php?id=CVE-2024-7940
27 Aug 2024 — The product exposes a service that is intended for local only to all network interfaces without any authentication. The product exposes a service that is intended for local only to all network interfaces without any authentication. • https://publisher.hitachienergy.com/preview?DocumentID=8DBD000160&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-306: Missing Authentication for Critical Function •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3982
https://notcve.org/view.php?id=CVE-2024-3982
27 Aug 2024 — An attacker with local access to machine where MicroSCADA X SYS600 is installed, could enable the session logging supporting the product and try to exploit a session hijacking of an already established session. By default, the session logging level is not enabled and only users with administrator rights can enable it. An attacker with local access to machine where MicroSCADA X SYS600 is installed, could enable the session logging supporting the product and try to exploit a session hijacking of an already es... • https://publisher.hitachienergy.com/preview?DocumentID=8DBD000160&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-294: Authentication Bypass by Capture-replay •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3980
https://notcve.org/view.php?id=CVE-2024-3980
27 Aug 2024 — The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names that are used in filesystem operations. If exploited the vulnerability allows the attacker to access or modify system files or other files that are critical to the application. The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names that are used in filesystem operations. If exploited the vulnerability allows the attacker to access or m... • https://publisher.hitachienergy.com/preview?DocumentID=8DBD000160&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4872
https://notcve.org/view.php?id=CVE-2024-4872
27 Aug 2024 — A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. If exploited this could allow an authenticated attacker to inject code towards persistent data. Note that to successfully exploit this vulnerability an attacker must have a valid credential. A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. If exploited this could allow an authenticated attacker to inject code towards persistent data. • https://publisher.hitachienergy.com/preview?DocumentID=8DBD000160&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-943: Improper Neutralization of Special Elements in Data Query Logic •
CVSS: 4.1EPSS: 0%CPEs: 4EXPL: 0CVE-2024-28024
https://notcve.org/view.php?id=CVE-2024-28024
11 Jun 2024 — A vulnerability exists in the FOXMAN-UN/UNEM in which sensitive information is stored in cleartext within a resource that might be accessible to another control sphere. Existe una vulnerabilidad en FOXMAN-UN/UNEM en la que información confidencial se almacena en texto plano dentro de un recurso que podría ser accesible a otra esfera de control. • https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194&languageCode=en&Preview=true • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-28022
https://notcve.org/view.php?id=CVE-2024-28022
11 Jun 2024 — A vulnerability exists in the FOXMAN-UN/UNEM server / APIGateway that if exploited allows a malicious user to perform an arbitrary number of authentication attempts using different passwords, and eventually gain access to the targeted account. Existe una vulnerabilidad en el servidor/APIGateway de FOXMAN-UN/UNEM que, si se explota, permite a un usuario malintencionado realizar un número arbitrario de intentos de autenticación utilizando diferentes contraseñas y, finalmente, obtener acceso a la cuenta objeti... • https://publisher.hitachienergy.com/preview?DocumentId=8DBD000194&languageCode=en&Preview=true • CWE-307: Improper Restriction of Excessive Authentication Attempts •