3 results (0.007 seconds)

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

An HTTP parameter may contain a URL value and could cause the web application to redirect the request to the specified URL. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. • https://publisher.hitachienergy.com/preview?DocumentID=8DBD000160&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0

The product exposes a service that is intended for local only to all network interfaces without any authentication. • https://publisher.hitachienergy.com/preview?DocumentID=8DBD000160&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-306: Missing Authentication for Critical Function •

CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0

An attacker with local access to machine where MicroSCADA X SYS600 is installed, could enable the session logging supporting the product and try to exploit a session hijacking of an already established session. By default, the session logging level is not enabled and only users with administrator rights can enable it. • https://publisher.hitachienergy.com/preview?DocumentID=8DBD000160&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-294: Authentication Bypass by Capture-replay •