CVE-2022-2277 – A vulnerability exists in the ICCP stack of the affected SYS600 versions due to validation flaw in the process that establishes the ICCP communication. The validation flaw will cause a denial-of-service when ICCP of SYS600 is request to forward any da ...
https://notcve.org/view.php?id=CVE-2022-2277
Improper Input Validation vulnerability exists in the Hitachi Energy MicroSCADA X SYS600's ICCP stack during the ICCP communication establishment causes a denial-of-service when ICCP of SYS600 is request to forward any data item updates with timestamps too distant in the future to any remote ICCP system. By default, ICCP is not configured and not enabled. This issue affects: Hitachi Energy MicroSCADA X SYS600 version 10.2 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:* Se presenta una vulnerabilidad de comprobación de entrada inapropiada en la pila ICCP de Hitachi Energy MicroSCADA X SYS600 durante el establecimiento de la comunicación ICCP que causa una denegación de servicio cuando es solicitado a ICCP de SYS600 que reenvíe cualquier actualización de elementos de datos con marcas de tiempo demasiado distantes en el futuro a cualquier sistema ICCP remoto. Por defecto, ICCP no está configurado ni habilitado. Este problema afecta: Hitachi Energy MicroSCADA X SYS600 versión 10.2 a versión 10.3.1. cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:cpe:2.3:a:hitachienergy:microscada_x_sys600:10. 2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:* • https://search.abb.com/library/Download.aspx?DocumentID=8DBD000106&LanguageCode=en&DocumentPartId=&Action=Launch https://publisher.hitachienergy.com/preview?DocumentID=8DBD000106&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-20: Improper Input Validation CWE-1284: Improper Validation of Specified Quantity in Input •
CVE-2022-29490 – A vulnerability exists in the Workplace X WebUI in which an authenticated user is able to execute any MicroSCADA internal scripts irrespective of the authenticated user's role.
https://notcve.org/view.php?id=CVE-2022-29490
Improper Authorization vulnerability exists in the Workplace X WebUI of the Hitachi Energy MicroSCADA X SYS600 allows an authenticated user to execute any MicroSCADA internal scripts irrespective of the authenticated user's role. This issue affects: Hitachi Energy MicroSCADA X SYS600 version 10 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:* Se presenta una vulnerabilidad de Autorización Inapropiada en la WebUI de Workplace X de Hitachi Energy MicroSCADA X SYS600 que permite a un usuario autenticado ejecutar cualquier script interno de MicroSCADA independientemente del rol del usuario autenticado. Este problema afecta: Hitachi Energy MicroSCADA X SYS600 versiones 10 hasta 10.3.1. cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:cpe:2. 3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:*:cpe:2. 3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:cpe:2. 3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:* • https://search.abb.com/library/Download.aspx?DocumentID=8DBD000106&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-285: Improper Authorization •
CVE-2019-5620 – ABB MicroSCADA Pro SYS600 Missing Authentication for Critical Function
https://notcve.org/view.php?id=CVE-2019-5620
ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function. ABB MicroSCADA Pro SYS600 versión 9.3, sufre de una instancia CWE-306: Falta de Autenticación para una Función Crítica. • https://www.rapid7.com/db/modules/exploit/windows/scada/abb_wserver_exec • CWE-306: Missing Authentication for Critical Function •
CVE-2018-1168 – ABB MicroSCADA Improper Access Control Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-1168
This vulnerability allows local attackers to escalate privileges on vulnerable installations of ABB MicroSCADA 9.3 with FP 1-2-3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of the access controls for the installed product files. The installation procedure leaves critical files open to manipulation by any authenticated user. An attacker can leverage this vulnerability to escalate privileges to SYSTEM. • https://library.e.abb.com/public/7a88a74b12bb492ea138b1f2365d00f6/ABBVU-PGGA-33888_ABB_SoftwareVulnerabilityHandlingAdvisory_Rev_A.pdf?x-sign=MJfu9cHtRUUubpLAYzyWFTmW5W+mg3kZ/nm7F/Jw5HlFTQf4eNyfLAgE8HozRJEC https://zerodayinitiative.com/advisories/ZDI-18-141 • CWE-284: Improper Access Control CWE-732: Incorrect Permission Assignment for Critical Resource •