Lucene search

Hitachi EnergyVULNRICHMENT:CVE-2024-3980

HistoryAug 27, 2024 - 12:42 p.m.

CVE-2024-3980

2024-08-2712:42:41

CWE-22

Hitachi Energy

github.com

cve-2024-3980

user input control

filesystem operations

CVSS3

9.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

7.1

Confidence

Low

EPSS

0.001

Percentile

19.7%

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

The product allows user input to control or influence paths or file
names that are used in filesystem operations, allowing the attacker to access or modify system files or other files that are
critical to the application.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:hitachienergy:microscada_sys600:10.0:*:*:*:*:*:*:*"
    ],
    "vendor": "hitachienergy",
    "product": "microscada_sys600",
    "versions": [
      {
        "status": "affected",
        "version": "10.0",
        "versionType": "custom",
        "lessThanOrEqual": "10.5"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

publisher.hitachienergy.com/preview?DocumentID=8DBD000160&LanguageCode=en&DocumentPartId=&Action=Launch

CVSS3

9.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

7.1

Confidence

Low

EPSS

0.001

Percentile

19.7%

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2024-3980