CVE-2025-39201

| EUVD-2025-19004 MEDIUM
2025-06-24 [email protected]
6.1
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
High

Lifecycle Timeline

3
Analysis Generated
Mar 15, 2026 - 22:36 vuln.today
EUVD ID Assigned
Mar 15, 2026 - 22:36 euvd
EUVD-2025-19004
CVE Published
Jun 24, 2025 - 12:15 nvd
MEDIUM 6.1

Tags

Privilege Escalation Microscada X Sys600

Description

A vulnerability exists in MicroSCADA X SYS600 product. If exploited this could allow a local unauthenticated attacker to tamper a system file, making denial of Notify service.

Analysis

A vulnerability exists in MicroSCADA X SYS600 product. If exploited this could allow a local unauthenticated attacker to tamper a system file, making denial of Notify service.

Technical Context

Privilege escalation allows a low-privileged user or process to gain elevated permissions beyond what was originally authorized. This vulnerability is classified as Incorrect Default Permissions (CWE-276).

Affected Products

Affected products: Hitachienergy Microscada X Sys600

Remediation

Apply the principle of least privilege. Keep systems patched. Monitor for suspicious privilege changes. Use mandatory access controls (SELinux, AppArmor).

Priority Score

31
Low Medium High Critical
KEV: 0
EPSS: +0.1
CVSS: +30
POC: 0

Share

CVE-2025-39201 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy