Lucene search

Hitachi EnergyCVE-2024-3980

HistoryAug 27, 2024 - 1:15 p.m.

CVE-2024-3980

2024-08-2713:15:05

CWE-88

CWE-22

Hitachi Energy

web.nvd.nist.gov

user input

file system operations

unauthorized access

CVSS3

9.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

7.1

Confidence

Low

EPSS

0.001

Percentile

19.7%

JSON

The product allows user input to control or influence paths or file
names that are used in filesystem operations, allowing the attacker to access or modify system files or other files that are
critical to the application.

Affected configurations

Nvd

Node

hitachienergymicroscada_x_sys600Range<10.6

VendorProductVersionCPE
hitachienergymicroscada_x_sys600*cpe:2.3:a:hitachienergy:microscada_x_sys600:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
hitachienergy	microscada_x_sys600	*	cpe:2.3:a:hitachienergy:microscada_x_sys600::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "MicroSCADA SYS600",
    "vendor": "Hitachi Energy",
    "versions": [
      {
        "lessThanOrEqual": "10.5",
        "status": "affected",
        "version": "10.0",
        "versionType": "custom"
      }
    ]
  }
]

References

publisher.hitachienergy.com/preview?DocumentID=8DBD000160&LanguageCode=en&DocumentPartId=&Action=Launch

CVSS3

9.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

7.1

Confidence

Low

EPSS

0.001

Percentile

19.7%

JSON

Related for CVE-2024-3980