CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3980
https://notcve.org/view.php?id=CVE-2024-3980
The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names that are used in filesystem operations. If exploited the vulnerability allows the attacker to access or modify system files or other files that are critical to the application. • https://publisher.hitachienergy.com/preview?DocumentID=8DBD000160&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4872
https://notcve.org/view.php?id=CVE-2024-4872
A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. If exploited this could allow an authenticated attacker to inject code towards persistent data. Note that to successfully exploit this vulnerability an attacker must have a valid credential. • https://publisher.hitachienergy.com/preview?DocumentID=8DBD000160&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-943: Improper Neutralization of Special Elements in Data Query Logic •
CVSS: 8.8EPSS: 0%CPEs: 13EXPL: 0CVE-2022-3388 – Input Validation Vulnerability in Hitachi Energy’s MicroSCADA Pro/X SYS600 Products
https://notcve.org/view.php?id=CVE-2022-3388
An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA Pro and MicroSCADA X SYS600. An authenticated user can launch an administrator level remote code execution irrespective of the authenticated user's role. Existe una vulnerabilidad de validación de entrada en la interfaz Monitor Pro de MicroSCADA Pro y MicroSCADA X SYS600. Un usuario autenticado puede iniciar una ejecución remota de código a nivel de administrador independientemente de la función del usuario autenticado. • https://search.abb.com/library/Download.aspx?DocumentID=8DBD000123&LanguageCode=en&DocumentPartId=&Action=Launch&elqaid=4293&elqat=1 • CWE-20: Improper Input Validation •