CVE-2022-29490
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Summary
Improper Authorization vulnerability exists in the Workplace X WebUI of the Hitachi Energy MicroSCADA X SYS600 allows an authenticated user to execute any MicroSCADA internal scripts irrespective of the authenticated user's role. This issue affects: Hitachi Energy MicroSCADA X SYS600 version 10 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_x_sys600:10:::::::* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:::::::* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:::::::* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:::::::* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:::::::* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:::::::* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:::::::*
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Hitachi Energy | MicroSCADA X SYS600 | 10 | affected |
| Hitachi Energy | MicroSCADA X SYS600 | 10.1 | affected |
| Hitachi Energy | MicroSCADA X SYS600 | 10.1.1 | affected |
| Hitachi Energy | MicroSCADA X SYS600 | 10.2 | affected |
| Hitachi Energy | MicroSCADA X SYS600 | 10.2.1 | affected |
| Hitachi Energy | MicroSCADA X SYS600 | 10.3 | affected |
| Hitachi Energy | MicroSCADA X SYS600 | 10.3.1 | affected |
Weaknesses
- CWE-285: CWE-285 Improper Authorization
Workarounds
Apply general mitigation factors as specify in the advisory.
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.