Lucene search

Cve.mitre.orgCVELIST:CVE-2022-3388

HistoryNov 21, 2022 - 12:00 a.m.

CVE-2022-3388 Input Validation Vulnerability in Hitachi Energy’s MicroSCADA Pro/X SYS600 Products

2022-11-2100:00:00

CWE-20

cve.mitre.org

www.cve.org

hitachi energy

microscada pro

microscada x sys600

input validation

vulnerability

monitor pro

administrator

remote code execution

8.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

9.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.6%

JSON

An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA
Pro and MicroSCADA X SYS600. An authenticated user can launch an administrator level remote code execution irrespective of the authenticated user’s role.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "MicroSCADA Pro SYS600",
    "vendor": "Hitachi Energy",
    "versions": [
      {
        "status": "affected",
        "version": "9.0"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MicroSCADA X SYS600",
    "vendor": "Hitachi Energy",
    "versions": [
      {
        "status": "affected",
        "version": "10.0"
      }
    ]
  }
]

References

search.abb.com/library/Download.aspx?DocumentID=8DBD000123&LanguageCode=en&DocumentPartId=&Action=Launch&elqaid=4293&elqat=1

8.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

9.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.6%

JSON

Related for CVELIST:CVE-2022-3388