CVE-2024-4872
9.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Summary
A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. If exploited this could allow an authenticated attacker to inject code towards persistent data. Note that to successfully exploit this vulnerability an attacker must have a valid credential.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Hitachi Energy | MicroSCADA X SYS600 | 10.0 <= 10.5 | affected |
| Hitachi Energy | MicroSCADA X SYS600 | 10.3 vulnerability patch 2025_01 | unaffected |
| Hitachi Energy | MicroSCADA X SYS600 | 10.4 vulnerability patch 2025_01 | unaffected |
| Hitachi Energy | MicroSCADA X SYS600 | 10.5 vulnerability patch 2025_01 | unaffected |
| Hitachi Energy | MicroSCADA Pro SYS600 | 9.4 FP2 HF1 <= 9.4 FP2 HF5 | affected |
Weaknesses
- CWE-943: CWE-943 Improper Neutralization of Special Elements in Data Query Logic
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.