CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-39205
https://notcve.org/view.php?id=CVE-2025-39205
24 Jun 2025 — A vulnerability exists in the IEC 61850 in MicroSCADA X SYS600 product. The certificate validation of the TLS protocol allows remote Man-in-the-Middle attack due to missing proper validation. • https://publisher.hitachienergy.com/preview?DocumentID=8DBD000218&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-295: Improper Certificate Validation •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-39204
https://notcve.org/view.php?id=CVE-2025-39204
24 Jun 2025 — A vulnerability exists in the Web interface of the MicroSCADA X SYS600 product. The filtering query in the Web interface can be malformed, so returning data can leak unauthorized information to the user. • https://publisher.hitachienergy.com/preview?DocumentID=8DBD000218&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-39203
https://notcve.org/view.php?id=CVE-2025-39203
24 Jun 2025 — A vulnerability exists in the IEC 61850 of the MicroSCADA X SYS600 product. An IEC 61850-8 crafted message content from IED or remote system can cause a denial of service resulting in disconnection loop. • https://publisher.hitachienergy.com/preview?DocumentID=8DBD000218&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-354: Improper Validation of Integrity Check Value •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-39202
https://notcve.org/view.php?id=CVE-2025-39202
24 Jun 2025 — A vulnerability exists in in the Monitor Pro interface of the MicroSCADA X SYS600 product. An authenticated user with low privileges can see and overwrite files causing information leak and data corruption. • https://publisher.hitachienergy.com/preview?DocumentID=8DBD000218&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-269: Improper Privilege Management •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2025-39201
https://notcve.org/view.php?id=CVE-2025-39201
24 Jun 2025 — A vulnerability exists in MicroSCADA X SYS600 product. If exploited this could allow a local unauthenticated attacker to tamper a system file, making denial of Notify service. • https://publisher.hitachienergy.com/preview?DocumentID=8DBD000218&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-276: Incorrect Default Permissions •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2403
https://notcve.org/view.php?id=CVE-2025-2403
24 Jun 2025 — A denial-of-service vulnerability due to improper prioritization of network traffic over protection mechanism exists in Relion 670/650 and SAM600-IO series device that if exploited could potentially cause critical functions like LDCM (Line Distance Communication Module) to malfunction. • https://publisher.hitachienergy.com/preview?DocumentID=8DBD000216&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 1CVE-2025-1718
https://notcve.org/view.php?id=CVE-2025-1718
24 Jun 2025 — An authenticated user with file access privilege via FTP access can cause the Relion 670/650 and SAM600-IO series device to reboot due to improper disk space management. • https://github.com/issamjr/CVE-2025-1718-Scanner • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-2500
https://notcve.org/view.php?id=CVE-2025-2500
30 May 2025 — A vulnerability exists in the SOAP Web services of the Asset Suite versions listed below. If successfully exploited, an attacker could gain unauthorized access to the product and the time window of a possible password attack could be expanded. • https://publisher.hitachienergy.com/preview?DocumentID=8DBD000212&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-256: Plaintext Storage of a Password •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1484
https://notcve.org/view.php?id=CVE-2025-1484
30 May 2025 — A vulnerability exists in the media upload component of the Asset Suite versions listed below. If successfully exploited an attacker could impact the confidentiality or integrity of the system. An attacker can use this vulnerability to construct a request that will cause JavaScript code supplied by the attacker to execute within the user’s browser in the context of that user’s session with the application. • https://publisher.hitachienergy.com/preview?DocumentID=8DBD000212&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-184: Incomplete List of Disallowed Inputs •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1531 – Authentication credentials leakage vulnerability in Hitachi Ops Center Analyzer viewpoint OVF
https://notcve.org/view.php?id=CVE-2025-1531
16 May 2025 — Authentication credentials leakage vulnerability in Hitachi Ops Center Analyzer viewpoint.This issue affects Hitachi Ops Center Analyzer viewpoint: from 10.0.0-00 before 11.0.4-00. • https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2025-116/index.html • CWE-1392: Use of Default Credentials •