An attacker with local access to machine where MicroSCADA X
SYS600 is installed, could enable the session logging supporting the product and try to exploit a session hijacking of an already established session. By default, the session logging level
is not enabled and only users with administrator rights can enable it.
References
Link | Resource |
---|---|
https://publisher.hitachienergy.com/preview?DocumentID=8DBD000160&LanguageCode=en&DocumentPartId=&Action=Launch | Vendor Advisory |
Configurations
History
28 Aug 2024, 16:30
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
First Time |
Hitachienergy microscada X Sys600
Hitachienergy |
|
CPE | cpe:2.3:a:hitachienergy:microscada_x_sys600:*:*:*:*:*:*:*:* | |
References | () https://publisher.hitachienergy.com/preview?DocumentID=8DBD000160&LanguageCode=en&DocumentPartId=&Action=Launch - Vendor Advisory |
27 Aug 2024, 13:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-27 13:15
Updated : 2024-10-30 15:32
NVD link : CVE-2024-3982
Mitre link : CVE-2024-3982
CVE.ORG link : CVE-2024-3982
JSON object : View
Products Affected
hitachienergy
- microscada_x_sys600
CWE
CWE-294
Authentication Bypass by Capture-replay