Skip to main content

Microscada X Sys600 CVE-2024-7940

CRITICAL
Missing Authentication for Critical Function (CWE-306)
2024-08-27 cybersecurity@hitachienergy.com
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Aug 27, 2024 - 13:15 nvd
CRITICAL 9.8

DescriptionNVD

The product exposes a service that is intended for local only to all network interfaces without any authentication.

AnalysisAI

The product exposes a service that is intended for local only to all network interfaces without any authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Missing Authentication for Critical Function (CWE-306), which allows attackers to access critical functionality without authentication. The product exposes a service that is intended for local only to all network interfaces without any authentication. Affected products include: Hitachienergy Microscada X Sys600.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Require authentication for all sensitive operations, implement defense in depth.

CVE-2024-4872 HIGH
8.8 Aug 27

A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. Rated high severity (CVSS 8.8), t

CVE-2024-3980 HIGH
8.8 Aug 27

The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names that

CVE-2022-29490 HIGH
8.8 Sep 12

Improper Authorization vulnerability exists in the Workplace X WebUI of the Hitachi Energy MicroSCADA X SYS600 allows an

CVE-2024-3982 HIGH
8.2 Aug 27

An attacker with local access to machine where MicroSCADA X SYS600 is installed, could enable the session logging suppor

CVE-2022-3388 HIGH
7.8 Nov 21

An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA Pro and MicroSCADA X SYS600. Rated h

CVE-2022-2277 HIGH
7.5 Sep 14

Improper Input Validation vulnerability exists in the Hitachi Energy MicroSCADA X SYS600's ICCP stack during the ICCP co

CVE-2022-29922 HIGH
7.5 Sep 14

Improper Input Validation vulnerability in the handling of a specially crafted IEC 61850 packet with a valid data item b

CVE-2022-29492 HIGH
7.5 Sep 14

Improper Input Validation vulnerability in the handling of a malformed IEC 104 TCP packet in the Hitachi Energy MicroSCA

CVE-2025-39202 HIGH
7.3 Jun 24

CVE-2025-39202 is a local privilege escalation vulnerability in MicroSCADA X SYS600's Monitor Pro interface that allows

CVE-2025-39204 MEDIUM
6.5 Jun 24

A vulnerability exists in the Web interface of the MicroSCADA X SYS600 product. The filtering query in the Web interface

CVE-2025-39203 MEDIUM
6.5 Jun 24

A vulnerability exists in the IEC 61850 of the MicroSCADA X SYS600 product. An IEC 61850-8 crafted message content from

CVE-2025-39205 MEDIUM
6.5 Jun 24

A vulnerability exists in the IEC 61850 in MicroSCADA X SYS600 product. The certificate validation of the TLS protocol a

Share

CVE-2024-7940 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy