Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-4872

A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. If exploited this could allow an authenticated attacker to inject code towards persistent data. Note that to successfully exploit this vulnerability an attacker must have a valid credential.

Published

2024-08-27T13:15:05.890

Last Modified

2024-10-30T15:31:41.743

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 9.9 (CRITICAL)

Weaknesses

Type: Secondary
CWE-943
Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	hitachienergy	microscada_pro_sys600	9.4	Yes
Application	hitachienergy	microscada_pro_sys600	9.4	Yes
Application	hitachienergy	microscada_pro_sys600	9.4	Yes
Application	hitachienergy	microscada_pro_sys600	9.4	Yes
Application	hitachienergy	microscada_pro_sys600	9.4	Yes
Application	hitachienergy	microscada_x_sys600	< 10.6	Yes

References

https://publisher.hitachienergy.com/preview?DocumentID=8DBD000160&LanguageCode=en&DocumentPartId=&Action=Launch Vendor Advisory ([email protected])