CVE-2024-4872

Summary

A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. If exploited this could allow an authenticated attacker to inject code towards persistent data. Note that to successfully exploit this vulnerability an attacker must have a valid credential.

Affected Software

VendorProductVersion RangeStatus
Hitachi EnergyMicroSCADA X SYS60010.0 <= 10.5affected
Hitachi EnergyMicroSCADA X SYS60010.3 vulnerability patch 2025_01unaffected
Hitachi EnergyMicroSCADA X SYS60010.4 vulnerability patch 2025_01unaffected
Hitachi EnergyMicroSCADA X SYS60010.5 vulnerability patch 2025_01unaffected
Hitachi EnergyMicroSCADA Pro SYS6009.4 FP2 HF1 <= 9.4 FP2 HF5affected

Weaknesses

  • CWE-943: CWE-943 Improper Neutralization of Special Elements in Data Query Logic

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References