Vulnerabilidades em Hitachi Energy
105 resultadosCVE-2024-3980CRITICALThe MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names
that are used in filesystEPSS 0.6%CVE-2024-2012CRITICALvulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that if exploited an attacker could use to allow unintended commands or
codEPSS 0.6%CVE-2022-4608HIGHA vulnerability exists in HCI IEC 60870-5-104 function included in certain versions of the RTU500 series product. The vulnerability can onlyEPSS 0.6%CVE-2022-3927HIGHThe affected products store public and private key that are used to sign and protect custom parameter set files from modification.EPSS 0.6%CVE-2024-1532MEDIUMA vulnerability exists in the stb-language file handling that affects the RTU500 series product versions listed below. A malicious actor couEPSS 0.6%CVE-2021-35535HIGHInsufficient Security Control VulnerabilityEPSS 0.6%CVE-2022-29490HIGHA vulnerability exists in the Workplace X WebUI in which an authenticated user is able to execute any MicroSCADA internal scripts irrespective of the authenticated user's role.EPSS 0.5%CVE-2024-7940HIGHThe product exposes a service that is intended for local only to
all network interfaces without any authentication.EPSS 0.5%CVE-2022-2502HIGHA vulnerability exists in the HCI IEC 60870-5-104 function included in certain versions of the RTU500 series product. The vulnerability can EPSS 0.5%CVE-2023-4816MEDIUMA vulnerability exists in the Equipment Tag Out authentication, when configured with Single Sign-On (SSO) with password validation in T214. EPSS 0.5%CVE-2024-2461MEDIUMIf exploited an attacker could traverse the file system to access
files or directories that would otherwise be inaccessibleEPSS 0.5%CVE-2024-4872CRITICALA vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. If exploited this could allow an authenticated attackEPSS 0.5%CVE-2023-2621MEDIUM
The McFeeder server (distributed as part of SSW package), is susceptible to an arbitrary file write vulnerability on the MAIN computer
systEPSS 0.5%CVE-2022-3683HIGHSDM600 API web services authorization validationEPSS 0.5%CVE-2024-2011HIGHA heap-based buffer overflow vulnerability exists in the FOXMAN-UN/UNEM that
if exploited will generally lead to a denial of service but canEPSS 0.5%CVE-2024-2097HIGHAn authenticated malicious client can send a special LINQ query
to execute arbitrary code remotely (RCE) on the SCM server
from List controlEPSS 0.5%CVE-2024-1531HIGHA vulnerability exists in the stb-language file handling that affects the RTU500 series product versions listed below. A malicious actor couEPSS 0.4%CVE-2023-2625CRITICALA vulnerability exists that can be exploited by an authenticated client that is connected to the same network segment as the CoreTec 4, haviEPSS 0.4%CVE-2023-5768MEDIUMA vulnerability exists in the HCI IEC 60870-5-104 that affects the RTU500 series product versions listed below.
Incomplete or wrong receiveEPSS 0.4%CVE-2026-1773HIGHIEC 60870-5-104 used in RTU500: Potential Denial of Service impact on reception of invalid U-format frame. Product is only affected if IEC 6EPSS 0.4%