CVE-2024-7941

An HTTP parameter may contain a URL value and could cause the web application to redirect the request to the specified URL. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.
Configurations

Configuration 1 (hide)

cpe:2.3:a:hitachienergy:microscada_x_sys600:10.5:*:*:*:*:*:*:*

History

30 Oct 2024, 15:29

Type Values Removed Values Added
CPE cpe:2.3:a:hitachienergy:microscada_x_sys600:*:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.5:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : 6.1
v2 : unknown
v3 : 4.3

28 Aug 2024, 16:09

Type Values Removed Values Added
First Time Hitachienergy
Hitachienergy microscada X Sys600
Summary
  • (es) Un parámetro HTTP puede contener un valor de URL y podría hacer que la aplicación web redirija la solicitud a la URL especificada. Al modificar el valor de la URL de un sitio malicioso, un atacante puede iniciar con éxito una estafa de phishing y robar las credenciales del usuario.
CVSS v2 : unknown
v3 : 4.3
v2 : unknown
v3 : 6.1
CPE cpe:2.3:a:hitachienergy:microscada_x_sys600:*:*:*:*:*:*:*:*
References () https://publisher.hitachienergy.com/preview?DocumentID=8DBD000160&LanguageCode=en&DocumentPartId=&Action=Launch - () https://publisher.hitachienergy.com/preview?DocumentID=8DBD000160&LanguageCode=en&DocumentPartId=&Action=Launch - Vendor Advisory

27 Aug 2024, 13:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-27 13:15

Updated : 2024-10-30 15:29


NVD link : CVE-2024-7941

Mitre link : CVE-2024-7941

CVE.ORG link : CVE-2024-7941


JSON object : View

Products Affected

hitachienergy

  • microscada_x_sys600
CWE
CWE-601

URL Redirection to Untrusted Site ('Open Redirect')