CVE-2024-3980

{"id": "CVE-2024-3980", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "cybersecurity@hitachienergy.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.9, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.1}]}, "published": "2024-08-27T13:15:05.210", "references": [{"url": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000160&LanguageCode=en&DocumentPartId=&Action=Launch", "tags": ["Vendor Advisory"], "source": "cybersecurity@hitachienergy.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}, {"type": "Secondary", "source": "cybersecurity@hitachienergy.com", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names\nthat are used in filesystem operations. If exploited the vulnerability allows the attacker to access or modify system files or\nother files that are critical to the application."}, {"lang": "es", "value": "El producto permite que el usuario controle o influya en las rutas o nombres de archivos que se utilizan en las operaciones del sistema de archivos, lo que permite al atacante acceder o modificar archivos del sistema u otros archivos que son cr\u00edticos para la aplicaci\u00f3n."}], "lastModified": "2024-10-30T15:33:12.697", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:fixpack_1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC4CE02B-F8CF-4A9E-B9FC-AEFE59F4BCE2"}, {"criteria": "cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:fixpack_2_hf1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B90ED6E-68E4-4C14-B275-F44BAC1B9C5C"}, {"criteria": "cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:fixpack_2_hf2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "196E08EA-807C-4B7B-981A-96D106AC328B"}, {"criteria": "cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:fixpack_2_hf3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "680FAE83-9D7A-4AD9-AFBE-480FD105ADC9"}, {"criteria": "cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:fixpack_2_hf4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "014C8428-8F88-4C3D-B9B1-87DE26867471"}, {"criteria": "cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:fixpack_2_hf5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "06AFA271-0785-4526-B7DA-FA00672CC5B5"}, {"criteria": "cpe:2.3:a:hitachienergy:microscada_x_sys600:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AEAAFA90-ACFF-47E2-A23D-728912D74B99", "versionEndExcluding": "10.6", "versionStartIncluding": "10.0"}], "operator": "OR"}]}], "sourceIdentifier": "cybersecurity@hitachienergy.com"}