CVE-2024-3980

The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names that are used in filesystem operations. If exploited the vulnerability allows the attacker to access or modify system files or other files that are critical to the application.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:fixpack_1:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:fixpack_2_hf1:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:fixpack_2_hf2:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:fixpack_2_hf3:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:fixpack_2_hf4:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:fixpack_2_hf5:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:microscada_x_sys600:*:*:*:*:*:*:*:*

History

30 Oct 2024, 15:33

Type Values Removed Values Added
CPE cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:fixpack_2_hf5:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:fixpack_1:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:fixpack_2_hf4:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:fixpack_2_hf3:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:fixpack_2_hf2:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:fixpack_2_hf1:*:*:*:*:*:*
First Time Hitachienergy microscada Pro Sys600
CWE CWE-88

29 Oct 2024, 14:15

Type Values Removed Values Added
Summary (en) The product allows user input to control or influence paths or file names that are used in filesystem operations, allowing the attacker to access or modify system files or other files that are critical to the application. (en) The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names that are used in filesystem operations. If exploited the vulnerability allows the attacker to access or modify system files or other files that are critical to the application.

30 Aug 2024, 16:15

Type Values Removed Values Added
CWE CWE-22

28 Aug 2024, 16:32

Type Values Removed Values Added
Summary
  • (es) El producto permite que el usuario controle o influya en las rutas o nombres de archivos que se utilizan en las operaciones del sistema de archivos, lo que permite al atacante acceder o modificar archivos del sistema u otros archivos que son críticos para la aplicación.
First Time Hitachienergy
Hitachienergy microscada X Sys600
CVSS v2 : unknown
v3 : 9.9
v2 : unknown
v3 : 8.8
CPE cpe:2.3:a:hitachienergy:microscada_x_sys600:*:*:*:*:*:*:*:*
References () https://publisher.hitachienergy.com/preview?DocumentID=8DBD000160&LanguageCode=en&DocumentPartId=&Action=Launch - () https://publisher.hitachienergy.com/preview?DocumentID=8DBD000160&LanguageCode=en&DocumentPartId=&Action=Launch - Vendor Advisory

27 Aug 2024, 13:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-27 13:15

Updated : 2024-10-30 15:33


NVD link : CVE-2024-3980

Mitre link : CVE-2024-3980

CVE.ORG link : CVE-2024-3980


JSON object : View

Products Affected

hitachienergy

  • microscada_x_sys600
  • microscada_pro_sys600
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')