CVE-2024-4872

A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. If exploited this could allow an authenticated attacker to inject code towards persistent data. Note that to successfully exploit this vulnerability an attacker must have a valid credential.
Configurations

Configuration 1

OR
cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:fixpack_2_hf1:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:fixpack_2_hf2:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:fixpack_2_hf3:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:fixpack_2_hf4:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:fixpack_2_hf5:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:microscada_x_sys600:*:*:*:*:*:*:*:*

History

30 Oct 2024, 15:31

Type | Values Removed | Values Added
First Time | | Hitachienergy microscada Pro Sys600
CPE | | cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:fixpack_2_hf4:*:*:*:*:*:*
 | | cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:fixpack_2_hf3:*:*:*:*:*:*
 | | cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:fixpack_2_hf1:*:*:*:*:*:*
 | | cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:fixpack_2_hf2:*:*:*:*:*:*
 | | cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:fixpack_2_hf5:*:*:*:*:*:*
CWE | CWE-89 | NVD-CWE-Other
CVSS | v2 : unknown, v3 : 9.8 | v2 : unknown, v3 : 8.8

29 Oct 2024, 14:15

Type | Values Removed | Values Added
Summary | (en) The product does not validate any query towards persistent data, resulting in a risk of injection attacks. | (en) A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. If exploited this could allow an authenticated attacker to inject code towards persistent data. Note that to successfully exploit this vulnerability an attacker must have a valid credential.

05 Sep 2024, 09:15

Type | Values Removed | Values Added
CWE | | CWE-943

28 Aug 2024, 16:25

Type | Values Removed | Values Added
CVSS | v2 : unknown, v3 : 9.9 | v2 : unknown, v3 : 9.8
CPE | | cpe:2.3:a:hitachienergy:microscada_x_sys600:*:*:*:*:*:*:*:*
First Time | | Hitachienergy microscada X Sys600
 | | Hitachienergy
References | https://publisher.hitachienergy.com/preview?DocumentID=8DBD000160&LanguageCode=en&DocumentPartId=&Action=Launch | https://publisher.hitachienergy.com/preview?DocumentID=8DBD000160&LanguageCode=en&DocumentPartId=&Action=Launch - Vendor Advisory
Summary | | (es) The product does not validate any query on persistent data, which creates a risk of injection attacks.

27 Aug 2024, 13:15

Type | Values Removed | Values Added
New CVE | |

Information

Published : 2024-08-27 13:15

Updated : 2024-10-30 15:31


NVD link : CVE-2024-4872

Mitre link : CVE-2024-4872

CVE.ORG link : CVE-2024-4872



Products Affected

hitachienergy

  • microscada_x_sys600
  • microscada_pro_sys600

CWE

NVD-CWE-Other

CWE-943: Improper Neutralization of Special Elements in Data Query Logic