CVE-2024-4872

Published: Aug 27, 2024Modified: Oct 30, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. If exploited this could allow an authenticated attacker to inject code towards persistent data. Note that to successfully exploit this vulnerability an attacker must have a valid credential.

Affected (6)

Products: Hitachienergy: Microscada Pro Sys600, Microscada X Sys600

Hitachienergy

2 products

Microscada Pro Sys600

Microscada X Sys600

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Hitachienergy Microscada Pro Sys600	Version 9.4 fixpack_2_hf1
Hitachienergy Microscada Pro Sys600	Version 9.4 fixpack_2_hf2
Hitachienergy Microscada Pro Sys600	Version 9.4 fixpack_2_hf3
Hitachienergy Microscada Pro Sys600	Version 9.4 fixpack_2_hf4
Hitachienergy Microscada Pro Sys600	Version 9.4 fixpack_2_hf5
Hitachienergy Microscada X Sys600	From 10.0 to 10.6

Related CWEs

CWE-943

Improper Neutralization of Special Elements in Data Query Logic

The product generates a query intended to access or manipulate data in a data store such as a database, but it does not neutralize or incorrectly neutralizes special elements that can modify the intended logic of the query.

References (1)

https://publisher.hitachienergy.com/preview?DocumentID=8DBD000160&LanguageCode=en&DocumentPartId=&Action=Launch

Source: cybersecurity@hitachienergy.com

Vendor Advisory

Timeline

No history available yet.