CVE-2024-7941
https://notcve.org/view.php?id=CVE-2024-7941
An HTTP parameter may contain a URL value and could cause the web application to redirect the request to the specified URL. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. • https://publisher.hitachienergy.com/preview?DocumentID=8DBD000160&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-7940
https://notcve.org/view.php?id=CVE-2024-7940
The product exposes a service that is intended for local use only to all network interfaces, without any authentication. • https://publisher.hitachienergy.com/preview?DocumentID=8DBD000160&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-306: Missing Authentication for Critical Function
CVE-2024-3982
https://notcve.org/view.php?id=CVE-2024-3982
An attacker with local access to the machine where MicroSCADA X SYS600 is installed could enable the session logging supporting the product and attempt to hijack an already established session. By default, the session logging level is not enabled and only users with administrator rights can enable it. • https://publisher.hitachienergy.com/preview?DocumentID=8DBD000160&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-294: Authentication Bypass by Capture-replay