CVE-2022-29490

Summary

Improper Authorization vulnerability exists in the Workplace X WebUI of the Hitachi Energy MicroSCADA X SYS600 allows an authenticated user to execute any MicroSCADA internal scripts irrespective of the authenticated user's role. This issue affects: Hitachi Energy MicroSCADA X SYS600 version 10 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_x_sys600:10:::::::* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:::::::* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:::::::* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:::::::* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:::::::* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:::::::* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:::::::*

Affected Software

VendorProductVersion RangeStatus
Hitachi EnergyMicroSCADA X SYS60010affected
Hitachi EnergyMicroSCADA X SYS60010.1affected
Hitachi EnergyMicroSCADA X SYS60010.1.1affected
Hitachi EnergyMicroSCADA X SYS60010.2affected
Hitachi EnergyMicroSCADA X SYS60010.2.1affected
Hitachi EnergyMicroSCADA X SYS60010.3affected
Hitachi EnergyMicroSCADA X SYS60010.3.1affected

Weaknesses

  • CWE-285: CWE-285 Improper Authorization

Workarounds

Apply general mitigation factors as specify in the advisory.

ADP Enrichment

CVE Program Container

Additional References

References