CVE-2024-3982

An attacker with local access to the machine where MicroSCADA X SYS600 is installed could enable the session logging supporting the product and attempt to hijack an already established session. By default, the session logging level is not enabled, and only users with administrator rights can enable it.

Configurations

Configuration 1

cpe:2.3:a:hitachienergy:microscada_x_sys600:*:*:*:*:*:*:*:*

History

28 Aug 2024, 16:30

Type Values Removed Values Added
Summary
  • (es) An attacker with local access to the machine where MicroSCADA X SYS600 is installed could enable the session logging that supports the product and attempt to exploit a session hijacking of an already established session. By default, the session logging level is not enabled and only users with administrator rights can enable it.
First Time Hitachienergy microscada X Sys600
Hitachienergy
CPE cpe:2.3:a:hitachienergy:microscada_x_sys600:*:*:*:*:*:*:*:*
References () https://publisher.hitachienergy.com/preview?DocumentID=8DBD000160&LanguageCode=en&DocumentPartId=&Action=Launch - () https://publisher.hitachienergy.com/preview?DocumentID=8DBD000160&LanguageCode=en&DocumentPartId=&Action=Launch - Vendor Advisory

27 Aug 2024, 13:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-27 13:15

Updated : 2024-10-30 15:32


NVD link : CVE-2024-3982

Mitre link : CVE-2024-3982

CVE.ORG link : CVE-2024-3982


Products Affected

hitachienergy

  • microscada_x_sys600
CWE
CWE-294

Authentication Bypass by Capture-replay