CVE-2022-3388

2022-11-2119:15:13

CWE-20

[email protected]

web.nvd.nist.gov

cve-2022-3388

input validation

microscada pro

microscada x sys600

remote code execution

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

32.6%

JSON

An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA
Pro and MicroSCADA X SYS600. An authenticated user can launch an administrator level remote code execution irrespective of the authenticated user’s role.

Affected configurations

Nvd

Node

hitachienergymicroscada_pro_sys600Match9.0

hitachienergymicroscada_pro_sys600Match9.1

hitachienergymicroscada_pro_sys600Match9.2

hitachienergymicroscada_pro_sys600Match9.3

hitachienergymicroscada_pro_sys600Match9.4

hitachienergymicroscada_x_sys600Match10

hitachienergymicroscada_x_sys600Match10.1

hitachienergymicroscada_x_sys600Match10.1.1

hitachienergymicroscada_x_sys600Match10.2

hitachienergymicroscada_x_sys600Match10.2.1

hitachienergymicroscada_x_sys600Match10.3

hitachienergymicroscada_x_sys600Match10.3.1

hitachienergymicroscada_x_sys600Match10.4

VendorProductVersionCPE
hitachienergymicroscada_pro_sys6009.0cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.0:*:*:*:*:*:*:*
hitachienergymicroscada_pro_sys6009.1cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.1:*:*:*:*:*:*:*
hitachienergymicroscada_pro_sys6009.2cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.2:*:*:*:*:*:*:*
hitachienergymicroscada_pro_sys6009.3cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.3:*:*:*:*:*:*:*
hitachienergymicroscada_pro_sys6009.4cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:*:*:*:*:*:*:*
hitachienergymicroscada_x_sys60010cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:*
hitachienergymicroscada_x_sys60010.1cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:*
hitachienergymicroscada_x_sys60010.1.1cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:*
hitachienergymicroscada_x_sys60010.2cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:*
hitachienergymicroscada_x_sys60010.2.1cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
hitachienergy	microscada_pro_sys600	9.0	cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.0:::::::*
hitachienergy	microscada_pro_sys600	9.1	cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.1:::::::*
hitachienergy	microscada_pro_sys600	9.2	cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.2:::::::*
hitachienergy	microscada_pro_sys600	9.3	cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.3:::::::*
hitachienergy	microscada_pro_sys600	9.4	cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:::::::*
hitachienergy	microscada_x_sys600	10	cpe:2.3:a:hitachienergy:microscada_x_sys600:10:::::::*
hitachienergy	microscada_x_sys600	10.1	cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:::::::*
hitachienergy	microscada_x_sys600	10.1.1	cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:::::::*
hitachienergy	microscada_x_sys600	10.2	cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:::::::*
hitachienergy	microscada_x_sys600	10.2.1	cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:::::::*