Lucene search

[email protected]CVE-2022-3388

HistoryNov 21, 2022 - 7:15 p.m.

CVE-2022-3388

2022-11-2119:15:13

CWE-20

[email protected]

web.nvd.nist.gov

cve-2022-3388

input validation

vulnerability

microscada pro

microscada x sys600

authenticated user

administrator

remote code execution

8.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.6%

JSON

An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA
Pro and MicroSCADA X SYS600. An authenticated user can launch an administrator level remote code execution irrespective of the authenticated user’s role.

Affected configurations

NVD

Node

hitachienergymicroscada_pro_sys600Match9.0

hitachienergymicroscada_pro_sys600Match9.1

hitachienergymicroscada_pro_sys600Match9.2

hitachienergymicroscada_pro_sys600Match9.3

hitachienergymicroscada_pro_sys600Match9.4

hitachienergymicroscada_x_sys600Match10

hitachienergymicroscada_x_sys600Match10.1

hitachienergymicroscada_x_sys600Match10.1.1

hitachienergymicroscada_x_sys600Match10.2

hitachienergymicroscada_x_sys600Match10.2.1

hitachienergymicroscada_x_sys600Match10.3

hitachienergymicroscada_x_sys600Match10.3.1

hitachienergymicroscada_x_sys600Match10.4

CPENameOperatorVersion
hitachienergy:microscada_pro_sys600hitachienergy microscada pro sys600eq9.0
hitachienergy:microscada_pro_sys600hitachienergy microscada pro sys600eq9.1
hitachienergy:microscada_pro_sys600hitachienergy microscada pro sys600eq9.2
hitachienergy:microscada_pro_sys600hitachienergy microscada pro sys600eq9.3
hitachienergy:microscada_pro_sys600hitachienergy microscada pro sys600eq9.4
hitachienergy:microscada_x_sys600hitachienergy microscada x sys600eq10
hitachienergy:microscada_x_sys600hitachienergy microscada x sys600eq10.1
hitachienergy:microscada_x_sys600hitachienergy microscada x sys600eq10.1.1
hitachienergy:microscada_x_sys600hitachienergy microscada x sys600eq10.2
hitachienergy:microscada_x_sys600hitachienergy microscada x sys600eq10.2.1

CPE	Name	Operator	Version
hitachienergy:microscada_pro_sys600	hitachienergy microscada pro sys600	eq	9.0
hitachienergy:microscada_pro_sys600	hitachienergy microscada pro sys600	eq	9.1
hitachienergy:microscada_pro_sys600	hitachienergy microscada pro sys600	eq	9.2
hitachienergy:microscada_pro_sys600	hitachienergy microscada pro sys600	eq	9.3
hitachienergy:microscada_pro_sys600	hitachienergy microscada pro sys600	eq	9.4
hitachienergy:microscada_x_sys600	hitachienergy microscada x sys600	eq	10
hitachienergy:microscada_x_sys600	hitachienergy microscada x sys600	eq	10.1
hitachienergy:microscada_x_sys600	hitachienergy microscada x sys600	eq	10.1.1
hitachienergy:microscada_x_sys600	hitachienergy microscada x sys600	eq	10.2
hitachienergy:microscada_x_sys600	hitachienergy microscada x sys600	eq	10.2.1

Rows per page:

1-10 of 131

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "MicroSCADA Pro SYS600",
    "vendor": "Hitachi Energy",
    "versions": [
      {
        "status": "affected",
        "version": "9.0"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MicroSCADA X SYS600",
    "vendor": "Hitachi Energy",
    "versions": [
      {
        "status": "affected",
        "version": "10.0"
      }
    ]
  }
]