CVE-2022-3388

An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA Pro and MicroSCADA X SYS600. An authenticated user can launch an administrator level remote code execution irrespective of the authenticated user's role.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.0 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://search.abb.com/library/Download.aspx?DocumentID=8DBD000123&LanguageCode=en&DocumentPartId=&Action=Launch&elqaid=4293&elqat=1	Vendor Advisory
https://search.abb.com/library/Download.aspx?DocumentID=8DBD000123&LanguageCode=en&DocumentPartId=&Action=Launch&elqaid=4293&elqat=1	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.0:::::::*
	cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.1:::::::*
	cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.2:::::::*
	cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.3:::::::*
	cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:::::::*
	cpe:2.3:a:hitachienergy:microscada_x_sys600:10:::::::*
	cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:::::::*
	cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:::::::*
	cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:::::::*
	cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:::::::*
	cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:::::::*
	cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:::::::*
	cpe:2.3:a:hitachienergy:microscada_x_sys600:10.4:::::::*

History

21 Nov 2024, 07:19

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~7.8~~	v2 : unknown v3 : 8.8
References	~~() https://search.abb.com/library/Download.aspx?DocumentID=8DBD000123&LanguageCode=en&DocumentPartId=&Action=Launch&elqaid=4293&elqat=1 - Vendor Advisory~~	() https://search.abb.com/library/Download.aspx?DocumentID=8DBD000123&LanguageCode=en&DocumentPartId=&Action=Launch&elqaid=4293&elqat=1 - Vendor Advisory

28 Nov 2022, 15:27

Type	Values Removed	Values Added
References	~~(MISC) https://search.abb.com/library/Download.aspx?DocumentID=8DBD000123&LanguageCode=en&DocumentPartId=&Action=Launch&elqaid=4293&elqat=1 -~~	(MISC) https://search.abb.com/library/Download.aspx?DocumentID=8DBD000123&LanguageCode=en&DocumentPartId=&Action=Launch&elqaid=4293&elqat=1 - Vendor Advisory
CWE		CWE-20
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8
CPE		cpe:2.3:a:abb:microscada_pro_sys600:9.4:-:::::: cpe:2.3:a:abb:microscada_pro_sys600:9.4:fixpack_1:::::: cpe:2.3:o:abb:microscada_pro_sys600:::::::: cpe:2.3:a:abb:microscada_pro_sys600:::::::: cpe:2.3:h:abb:microscada_pro_sys600:-:::::::* cpe:2.3:a:abb:microscada_pro_sys600:9.4:fixpack_2::::::

21 Nov 2022, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-11-21 19:15

Updated : 2024-11-21 07:19

NVD link : CVE-2022-3388

Mitre link : CVE-2022-3388

CVE.ORG link : CVE-2022-3388

JSON object : View

Products Affected

hitachienergy

microscada_pro_sys600
microscada_x_sys600

CWE

CWE-20

Improper Input Validation

8.8 /10