Hitachienergy: >> Microscada X Sys600 >> 10.3.1 Security Vulnerabilities
A vulnerability exists in the IEC 61850 in MicroSCADA X SYS600 product. The certificate validation of the TLS protocol allows remote Man-in-the-Middle attack due to missing proper validation.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-06-24
A vulnerability exists in MicroSCADA X SYS600 product. If exploited this could allow a local unauthenticated attacker to tamper a system file, making denial of Notify service.
CVSS Score
6.1
EPSS Score
0.001
Published
2025-06-24
A vulnerability exists in in the Monitor Pro interface of the MicroSCADA X SYS600 product. An authenticated user with low privileges can see and overwrite files causing information leak and data corruption.
CVSS Score
7.3
EPSS Score
0.0
Published
2025-06-24
A vulnerability exists in the Web interface of the MicroSCADA X SYS600 product. The filtering query in the Web interface can be malformed, so returning data can leak unauthorized information to the user.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-06-24
The product exposes a service that is intended for local only to
all network interfaces without any authentication.
CVSS Score
8.3
EPSS Score
0.006
Published
2024-08-27
The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names
that are used in filesystem operations. If exploited the vulnerability allows the attacker to access or modify system files or
other files that are critical to the application.
CVSS Score
9.9
EPSS Score
0.007
Published
2024-08-27
An attacker with local access to machine where MicroSCADA X
SYS600 is installed, could enable the session logging supporting the product and try to exploit a session hijacking of an already established session. By default, the session logging level
is not enabled and only users with administrator rights can enable it.
CVSS Score
8.2
EPSS Score
0.001
Published
2024-08-27
A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. If exploited this could allow an authenticated attacker to inject code towards persistent data. Note that to successfully exploit this vulnerability
an attacker must have a valid credential.
CVSS Score
9.9
EPSS Score
0.005
Published
2024-08-27
An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA
Pro and MicroSCADA X SYS600. An authenticated user can launch an administrator level remote code execution irrespective of the authenticated user's role.
CVSS Score
8.8
EPSS Score
0.002
Published
2022-11-21
Improper Input Validation vulnerability in the handling of a malformed IEC 104 TCP packet in the Hitachi Energy MicroSCADA X SYS600, MicroSCADA Pro SYS600. Upon receiving a malformed IEC 104 TCP packet, the malformed packet is dropped, however the TCP connection is left open. This may cause a denial-of-service if the affected connection is left open. This issue affects: Hitachi Energy MicroSCADA Pro SYS600 version 9.4 FP2 Hotfix 4 and earlier versions Hitachi Energy MicroSCADA X SYS600 version 10 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.0:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*
CVSS Score
5.3
EPSS Score
0.003
Published
2022-09-14
Page 1