We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-4872



Description

A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. If exploited this could allow an authenticated attacker to inject code towards persistent data. Note that to successfully exploit this vulnerability an attacker must have a valid credential.

Reserved 2024-05-14 | Published 2024-08-27 | Updated 2024-10-29 | Assigner Hitachi Energy


CRITICAL: 9.9CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

MicroSCADA X SYS600

HIGH: 8.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

MicroSCADA Pro SYS600

Problem types

CWE-943 Improper Neutralization of Special Elements in Data Query Logic

Product status

Default status
unaffected

10.0
affected

Default status
unaffected

9.4 FP2 HF1
affected

References

publisher.hitachienergy.com/...DocumentPartId=&Action=Launch vendor-advisory

cve.org (CVE-2024-4872)

nvd.nist.gov (CVE-2024-4872)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-4872

Support options

Helpdesk Chat, Email, Knowledgebase
Subscribe to our newsletter to learn more about our work.