Multiple vulnerabilities in Hitachi Energy MicroSCADA Pro/X SYS600



Risk: High
Patch available: YES
Number of vulnerabilities: 5
CVE-ID: CVE-2024-4872, CVE-2024-3980, CVE-2024-3982, CVE-2024-7941, CVE-2024-7940
CWE-ID: CWE-943, CWE-22, CWE-294, CWE-601, CWE-306
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: MicroSCADA X SYS600 (Server applications / SCADA systems)
Vendor: Hitachi Energy

Security Bulletin

This security bulletin contains information about 5 vulnerabilities.

1) Improper Neutralization of Special Elements in Data Query Logic

EUVDB-ID: #VU100985

Risk: Medium

CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-4872

CWE-ID: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to insufficient query validation. A remote user can execute arbitrary code on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MicroSCADA X SYS600: 10.0.0 - 10.5

External links

http://publisher.hitachienergy.com/preview?DocumentID=8DBD000160&LanguageCode=en&DocumentPartId=&Action=Launch
http://www.cisa.gov/news-events/ics-advisories/icsa-24-331-04


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Path traversal

EUVDB-ID: #VU100987

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-3980

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a local user to perform directory traversal attacks.

The vulnerability exists due to an input validation error when processing directory traversal sequences. A local user can send a specially crafted HTTP request and access or modify arbitrary files on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

MicroSCADA X SYS600: 10.0.0 - 10.5

External links

http://publisher.hitachienergy.com/preview?DocumentID=8DBD000160&LanguageCode=en&DocumentPartId=&Action=Launch
http://www.cisa.gov/news-events/ics-advisories/icsa-24-331-04


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Authentication Bypass by Capture-replay

EUVDB-ID: #VU100988

Risk: Low

CVSSv3.1: 7.1 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-3982

CWE-ID: CWE-294 - Authentication Bypass by Capture-replay

Exploit availability: No

Description

The vulnerability allows a local user to bypass the authentication process.

The vulnerability exists due to authentication bypass by capture-replay. A local administrator can hijack an already established session.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MicroSCADA X SYS600: 10.0.0 - 10.5

External links

http://publisher.hitachienergy.com/preview?DocumentID=8DBD000160&LanguageCode=en&DocumentPartId=&Action=Launch
http://www.cisa.gov/news-events/ics-advisories/icsa-24-331-04


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Open redirect

EUVDB-ID: #VU100989

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-7941

CWE-ID: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

Exploit availability: No

Description

The vulnerability allows a remote attacker to redirect victims to an arbitrary URL.

The vulnerability exists due to improper sanitization of user-supplied data. A remote attacker can create a link that appears to lead to a trusted website but, when clicked, redirects the victim to an arbitrary domain.

Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MicroSCADA X SYS600: 10.5

External links

http://publisher.hitachienergy.com/preview?DocumentID=8DBD000160&LanguageCode=en&DocumentPartId=&Action=Launch
http://www.cisa.gov/news-events/ics-advisories/icsa-24-331-04


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Missing Authentication for Critical Function

EUVDB-ID: #VU100990

Risk: High

CVSSv3.1: 7.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-7940

CWE-ID: CWE-306 - Missing Authentication for Critical Function

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists because the affected product exposes a service that is intended for local use only on all network interfaces, without any authentication. A remote attacker can gain access to the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MicroSCADA X SYS600: 10.2 - 10.5

External links

http://publisher.hitachienergy.com/preview?DocumentID=8DBD000160&LanguageCode=en&DocumentPartId=&Action=Launch
http://www.cisa.gov/news-events/ics-advisories/icsa-24-331-04


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


