Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Lifecycle Timeline
3DescriptionCVE.org
A vulnerability exists in MicroSCADA X SYS600 product. If exploited this could allow a local unauthenticated attacker to tamper a system file, making denial of Notify service.
Analysis
A vulnerability exists in MicroSCADA X SYS600 product. If exploited this could allow a local unauthenticated attacker to tamper a system file, making denial of Notify service.
Technical ContextAI
Privilege escalation allows a low-privileged user or process to gain elevated permissions beyond what was originally authorized. This vulnerability is classified as Incorrect Default Permissions (CWE-276).
RemediationAI
Apply the principle of least privilege. Keep systems patched. Monitor for suspicious privilege changes. Use mandatory access controls (SELinux, AppArmor).
More in Microscada X Sys600
View allThe product exposes a service that is intended for local only to all network interfaces without any authentication. Rate
A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. Rated high severity (CVSS 8.8), t
The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names that
Improper Authorization vulnerability exists in the Workplace X WebUI of the Hitachi Energy MicroSCADA X SYS600 allows an
An attacker with local access to machine where MicroSCADA X SYS600 is installed, could enable the session logging suppor
An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA Pro and MicroSCADA X SYS600. Rated h
Improper Input Validation vulnerability exists in the Hitachi Energy MicroSCADA X SYS600's ICCP stack during the ICCP co
Improper Input Validation vulnerability in the handling of a specially crafted IEC 61850 packet with a valid data item b
Improper Input Validation vulnerability in the handling of a malformed IEC 104 TCP packet in the Hitachi Energy MicroSCA
CVE-2025-39202 is a local privilege escalation vulnerability in MicroSCADA X SYS600's Monitor Pro interface that allows
A vulnerability exists in the Web interface of the MicroSCADA X SYS600 product. The filtering query in the Web interface
A vulnerability exists in the IEC 61850 of the MicroSCADA X SYS600 product. An IEC 61850-8 crafted message content from
Same weakness CWE-276 – Incorrect Default Permissions
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-19004