Threat and Vulnerability Intelligence Database

Description:

1. EXECUTIVE SUMMARY
CVSS v3 9.9
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Hitachi Energy
Equipment: MicroSCADA Pro/X SYS600
Vulnerabilities: Improper Neutralization of Special Elements in Data Query Logic, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Authentication Bypass by Capture-replay, Missing Authentication for Critical Function, URL Redirection to Untrusted Site ('Open Redirect')

2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to inject code towards persistent data, manipulate the file system, hijack a session, or engage in phishing attempts against users.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS
The following Hitachi Energy products are affected:
Hitachi Energy MicroSCADA Pro/X SYS600: Version 10.0 to Version 10.5 (CVE-2024-4872, CVE-2024-3980, CVE-2024-3982, CVE-2024-7941)
Hitachi Energy MicroSCADA Pro/X SYS600: Version 10.2 to Version 10.5 (CVE-2024-7940)
Hitachi Energy MicroSCADA Pro/X SYS600: Version 10.5 (CVE-2024-7941)
Hitachi Energy MicroSCADA Pro/X SYS600: Version 9.4 FP1 (CVE-2024-3980)
Hitachi Energy MicroSCADA Pro/X SYS600: Version 9.4 FP2 HF1 to Version 9.4 FP2 HF5 (CVE-2024-4872, CVE-2024-3980)

3.2 Vulnerability Overview

3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS IN DATA QUERY LOGIC CWE-943
A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. If exploited this could allow an authenticated attacker ...
Source: All CISA Advisories
November 27th, 2024 (5 months ago)
Description: Kaspersky experts describe an Elpaco ransomware sample, a Mimic variant, which abuses the Everything search system for Windows and provides custom features via a GUI.
Source: Unknown Source
November 27th, 2024 (5 months ago)
Description: Kaspersky experts look back on their expectations about the 2024 privacy and consumer cyberthreats trends and try to predict what to expect in 2025.
Source: Unknown Source
November 27th, 2024 (5 months ago)
Description: Imagine your car gossiping to insurance companies about your lead foot, or data brokers peddling your daily coffee run. Welcome to the world of connected cars, where convenience and privacy are locked in a head-on collision.
Source: Dark Reading
November 27th, 2024 (5 months ago)
Description: Findings reveal growing cybersecurity risks in ecommerce, exposing vulnerabilities in PII handling and lack of basic security protections like HTTPS and WAFs.
Source: Dark Reading
November 27th, 2024 (5 months ago)
Description: Protection ranged from 0.38% to 50.57% for security effectiveness.
Source: Dark Reading
November 27th, 2024 (5 months ago)
Description: Cyberattackers have been targeting the online NFT marketplace with emails claiming to make an offer to a targeted user; in reality, clicking on a malicious link takes victims to a crypto-draining site.
Source: Dark Reading
November 27th, 2024 (5 months ago)
Description: Amazon Web Services' identity and access management platform has added new features that help developers implement secure, scalable, and customizable authentication solutions for their applications.
Source: Dark Reading
November 27th, 2024 (5 months ago)
Description: The APT, aka Earth Estries, is one of China's most effective threat actors, performing espionage for sometimes years on end against telcos, ISPs, and governments before being detected.
Source: Dark Reading
November 27th, 2024 (5 months ago)
Description: New York state regulators punish insurers after cybercriminals illegally accessed customer info, which they then used to file scam unemployment claims during the COVID-19 pandemic.
Source: Dark Reading
November 27th, 2024 (5 months ago)