CVE-2024-3980

EUVD-2024-32546
The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names
that are used in filesystem operations. If exploited the vulnerability allows the attacker to access or modify system files or
other files that are critical to the application.
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.9 CRITICAL
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Hitachi EnergyCNA
8.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 70%
Affected Products (NVD)
VendorProductVersion
hitachienergymicroscada_pro_sys600
9.4:fixpack_1
hitachienergymicroscada_pro_sys600
9.4:fixpack_2_hf1
hitachienergymicroscada_pro_sys600
9.4:fixpack_2_hf2
hitachienergymicroscada_pro_sys600
9.4:fixpack_2_hf3
hitachienergymicroscada_pro_sys600
9.4:fixpack_2_hf4
hitachienergymicroscada_pro_sys600
9.4:fixpack_2_hf5
hitachienergymicroscada_x_sys600
10.0 ≤
𝑥
< 10.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://publisher.hitachienergy.com/preview?DocumentID=8DBD000160&LanguageCode=en&DocumentPartId=&Action=Launch