Hitachienergy Security Vulnerabilities
Improper Input Validation vulnerability in the handling of a malformed IEC 104 TCP packet in the Hitachi Energy MicroSCADA X SYS600, MicroSCADA Pro SYS600. Upon receiving a malformed IEC 104 TCP packet, the malformed packet is dropped, however the TCP connection is left open. This may cause a denia...
7.5CVSS
7.4AI Score
0.001EPSS
Improper Input Validation vulnerability in the handling of a specially crafted IEC 61850 packet with a valid data item but with incorrect data type in the IEC 61850 OPC Server in the Hitachi Energy MicroSCADA X SYS600, MicroSCADA Pro SYS600. The vulnerability may cause a denial-of-service on the IE...
7.5CVSS
7.4AI Score
0.001EPSS
A vulnerability exists in the IEC 61850 communication stack that affects multiple Hitachi Energy products. An attacker could exploit the vulnerability by using a specially crafted message sequence, to force the IEC 61850 MMS-server communication stack, to stop accepting new MMS-client connections. ...
7.5CVSS
7.3AI Score
0.008EPSS
An input validation vulnerability exists in the Monitor Pro interface of MicroSCADAPro and MicroSCADA X SYS600. An authenticated user can launch an administrator level remote code execution irrespective of the authenticated user's role.
8.8CVSS
7.8AI Score
0.001EPSS
A vulnerability exists in the SDM600 file permission validation.An attacker could exploit the vulnerability by gaining access to the system and uploading a specially crafted message to the system node, which could result in Arbitrary code Executing. This issue affects: All SDM600 versions prior to ...
9.9CVSS
8.7AI Score
0.001EPSS
A vulnerability exists in the SDM600 API web services authorization validation implementation.An attacker who successfully exploits the vulnerability could read data directly from a data store that is not restricted, or insufficiently protected, having access to sensitive data. This issue affects: ...
7.7CVSS
7.3AI Score
0.001EPSS
A vulnerability exists in a SDM600 endpoint.An attacker could exploit this vulnerability by running multiple parallel requests, the SDM600 web services become busy rendering the application unresponsive.This issue affects: All SDM600 versions prior to version 1.2 FP3 HF4 (Build Nr. 1.2.23000.291) L...
7.5CVSS
7.4AI Score
0.001EPSS
A vulnerability exists in the SDM600 software. The software operates at a privilege level that is higher than the minimum level required. An attacker who successfully exploits this vulnerability can escalate privileges. This issue affects: All SDM600 versions prior to version 1.3.0. List of CPEs: c...
7.5CVSS
7AI Score
0.001EPSS
A vulnerability exists in a SDM600 endpoint.An attacker could exploit this vulnerability by running multiple parallel requests, the SDM600 web services become busy rendering the application unresponsive.This issue affects: All SDM600 versions prior to version 1.2 FP3 HF4 (Build Nr. 1.2.23000.291) L...
9.1CVSS
9AI Score
0.001EPSS
A vulnerability exists in the Relion update package signature validation. A tampered update package could cause the IED to restart. After restart the device is back to normal operation.An attacker could exploit the vulnerability by first gaining access tothe system with security privileges and atte...
4.5CVSS
4.6AI Score
0.0004EPSS
The affected products store both public and private key that are used to sign andprotect Custom Parameter Set (CPS) file from modification. An attacker that manages to exploit this vulnerability will be able to changethe CPS file, sign it so that it is trusted as the legitimate CPS file. This issue...
9.8CVSS
9.3AI Score
0.002EPSS
Hardcoded credential is found in affected products' message queue. An attacker that manages to exploit this vulnerability will be able to access data to the internal message queue. This issue affects FOXMAN-UN product: FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, ...
7.1CVSS
5.4AI Score
0.0004EPSS
Communication between the client and the server application of the affected products is partially done using CORBA (Common Object Request Broker Architecture) over TCP/IP. This protocol is not encrypted and allows tracing of internal messages. This issue affects FOXMAN-UN product: FOXMAN-UN R15B, F...
9.8CVSS
9.4AI Score
0.002EPSS
A vulnerability exists in HCI IEC 60870-5-104 function included in certain versions of the RTU500 series product. The vulnerability can only be exploited, if the HCI 60870-5-104 is configured with support for IEC 62351-3. After session resumption interval is expired an RTU500 initiated update of se...
7.5CVSS
7.4AI Score
0.001EPSS
A vulnerability exists in the component RTU500 Scripting interface. When a client connects to a server using TLS, the server presents a certificate. This certificate links a public key to the identity of the service and is signed by a Certification Authority (CA), allowing the client to validate th...
7.5CVSS
7.1AI Score
0.0005EPSS
A vulnerability exists in a FOXMAN-UN and UNEM logging component, it only affects systems that use remote authentication to the network elements.If exploited an attacker could obtain confidential information. List of CPEs: cpe:2.3:a:hitachienergy:foxman_un:R9C:: :: :: :* cpe:2.3:a:hitachienergy:fox...
4.4CVSS
4.8AI Score
0.001EPSS
The McFeeder server (distributed as part of SSW package), is susceptible to an arbitrary file write vulnerability on the MAIN computersystem. This vulnerability stems from the use of an outdated version of a third-party library, which is used to extract archives uploaded to McFeeder server. An auth...
6.5CVSS
6.4AI Score
0.0005EPSS
Authenticated clients can read arbitrary files on the MAIN Computersystem using the remote procedure call (RPC) of the InspectSetupservice endpoint. The low privilege client is then allowed to read arbitrary files that they do not have authorization to read.
4.3CVSS
4.8AI Score
0.0004EPSS
A vulnerability exists in the input validation of the GOOSEmessages where out of range values received and processedby the IED caused a reboot of the device. In order for anattacker to exploit the vulnerability, goose receiving blocks needto be configured.
7.5CVSS
6.9AI Score
0.0005EPSS
A vulnerability exists in the Equipment Tag Out authentication, when configured with Single Sign-On (SSO) with password validation in T214. This vulnerability can be exploited by an authenticated user per-forming an Equipment Tag Out holder action (Accept, Release, and Clear) for another user and e...
8.8CVSS
8.7AI Score
0.001EPSS
The response messages received from the eSOMS report generation using certain parameter queries with full file path can beabused for enumerating the local file system structure.
5.3CVSS
5.3AI Score
0.0005EPSS
The responses for web queries with certain parameters disclose internal path of resources. This information can be used to learn internal structure of the application and to further plot attacks againstweb servers and deployed web applications.
5.3CVSS
5.2AI Score
0.0005EPSS
Poorly constructed webap requests and URI components with special characters trigger unhandled errors and exceptions, disclosinginformation about the underlying technology and other sensitive information details. The website unintentionally reveals sensitive information including technical details ...
5.3CVSS
5.2AI Score
0.0005EPSS
A vulnerability exists in the webserver that affects theRTU500 series product versions listed below. A maliciousactor could perform cross-site scripting on the webserverdue to an RDT language file being improperly sanitized.
6.1CVSS
5.9AI Score
0.0005EPSS
A vulnerability exists in the HCI IEC 60870-5-104 that affects the RTU500 series product versions listed below.Incomplete or wrong received APDU frame layout maycause blocking on link layer. Error reason was an endless blocking when reading incoming frames on link layerwith wrong length information...
6.1CVSS
6.1AI Score
0.0005EPSS
A vulnerability exists in the webserver that affects theRTU500 series product versions listed below. A maliciousactor could perform cross-site scripting on the webserverdue to user input being improperly sanitized.
6.1CVSS
5.9AI Score
0.0005EPSS
Vulnerability exists in SCI IEC 60870-5-104 and HCI IEC 60870-5-104 that affects the RTU500 series product versions listed below. Specially crafted messages sent to the mentioned components are not validated properly and can result in buffer overflow and as final consequence to a reboot of an RTU50...
7.5CVSS
7.6AI Score
0.0005EPSS
A heap-based buffer overflow vulnerability exists in the FOXMAN-UN/UNEM thatif exploited will generally lead to a denial of service but can be usedto execute arbitrary code, which is usually outside the scope of aprogram's implicit security policy
9.8CVSS
8.8AI Score
0.001EPSS
vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that if exploited an attacker could use to allow unintended commands orcode to be executed on the UNEM server allowing sensitive data tobe read or modified or could cause other unintended behavior
9.8CVSS
9.2AI Score
0.001EPSS
An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server /API Gateway component that if exploited allows attackers withoutany access to interact with the services and the post-authenticationattack surface.
10CVSS
9.6AI Score
0.001EPSS
A user/password reuse vulnerability exists in the FOXMAN-UN/UNEM application and server management. If exploited a malicious usercould use the passwords and login information to extend access onthe server and other services.
9.9CVSS
6.6AI Score
0.001EPSS
A vulnerability exists in the FOXMAN-UN/UNEM server that affects the messagequeueing mechanism’s certificate validation. If exploited an attacker could spoof a trusted entity causing a loss of confidentialityand integrity.
8CVSS
7.7AI Score
0.001EPSS
A vulnerability exists in the FOXMAN-UN/UNEM server / APIGateway thatif exploited allows a malicious user to perform an arbitrary numberof authentication attempts using different passwords, andeventually gain access to the targeted account.
6.5CVSS
7.3AI Score
0.0005EPSS
A vulnerability exists in the FOXMAN-UN/UNEM in which sensitive information isstored in cleartext within a resource that might be accessible to another control sphere.
4.1CVSS
3.4AI Score
0.0004EPSS
The product allows user input to control or influence paths or filenames that are used in filesystem operations, allowing the attacker to access or modify system files or other files that arecritical to the application.
9.9CVSS
7.1AI Score
0.0005EPSS
An attacker with local access to machine where MicroSCADA XSYS600 is installed, could enable the session logging supporting the product and try to exploit a session hijacking of an already established session. By default, the session logging levelis not enabled and only users with administrator rig...
8.2CVSS
6.8AI Score
0.0004EPSS
The product does not validate any query towards persistentdata, resulting in a risk of injection attacks.
9.9CVSS
7.5AI Score
0.001EPSS
The product exposes a service that is intended for local only toall network interfaces without any authentication.
9.8CVSS
6.9AI Score
0.001EPSS
An HTTP parameter may contain a URL value and could causethe web application to redirect the request to the specified URL.By modifying the URL value to a malicious site, an attacker maysuccessfully launch a phishing scam and steal user credentials.
6.1CVSS
6.9AI Score
0.0005EPSS