Skip to main content

Microscada X Sys600 CVE-2025-39203

| EUVDEUVD-2025-19002 MEDIUM
Improper Validation of Integrity Check Value (CWE-354)
2025-06-24 cybersecurity@hitachienergy.com
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Mar 15, 2026 - 22:36 euvd
EUVD-2025-19002
Analysis Generated
Mar 15, 2026 - 22:36 vuln.today
CVE Published
Jun 24, 2025 - 12:15 nvd
MEDIUM 6.5

DescriptionCVE.org

A vulnerability exists in the IEC 61850 of the MicroSCADA X SYS600 product. An IEC 61850-8 crafted message content from IED or remote system can cause a denial of service resulting in disconnection loop.

Analysis

A vulnerability exists in the IEC 61850 of the MicroSCADA X SYS600 product. An IEC 61850-8 crafted message content from IED or remote system can cause a denial of service resulting in disconnection loop.

Technical ContextAI

A denial of service vulnerability allows an attacker to disrupt the normal functioning of a system, making it unavailable to legitimate users.

RemediationAI

Implement rate limiting and input validation. Use timeout mechanisms for resource-intensive operations. Deploy DDoS protection where applicable.

CVE-2024-7940 CRITICAL
9.8 Aug 27

The product exposes a service that is intended for local only to all network interfaces without any authentication. Rate

CVE-2024-4872 HIGH
8.8 Aug 27

A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. Rated high severity (CVSS 8.8), t

CVE-2024-3980 HIGH
8.8 Aug 27

The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names that

CVE-2022-29490 HIGH
8.8 Sep 12

Improper Authorization vulnerability exists in the Workplace X WebUI of the Hitachi Energy MicroSCADA X SYS600 allows an

CVE-2024-3982 HIGH
8.2 Aug 27

An attacker with local access to machine where MicroSCADA X SYS600 is installed, could enable the session logging suppor

CVE-2022-3388 HIGH
7.8 Nov 21

An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA Pro and MicroSCADA X SYS600. Rated h

CVE-2022-2277 HIGH
7.5 Sep 14

Improper Input Validation vulnerability exists in the Hitachi Energy MicroSCADA X SYS600's ICCP stack during the ICCP co

CVE-2022-29922 HIGH
7.5 Sep 14

Improper Input Validation vulnerability in the handling of a specially crafted IEC 61850 packet with a valid data item b

CVE-2022-29492 HIGH
7.5 Sep 14

Improper Input Validation vulnerability in the handling of a malformed IEC 104 TCP packet in the Hitachi Energy MicroSCA

CVE-2025-39202 HIGH
7.3 Jun 24

CVE-2025-39202 is a local privilege escalation vulnerability in MicroSCADA X SYS600's Monitor Pro interface that allows

CVE-2025-39204 MEDIUM
6.5 Jun 24

A vulnerability exists in the Web interface of the MicroSCADA X SYS600 product. The filtering query in the Web interface

CVE-2025-39205 MEDIUM
6.5 Jun 24

A vulnerability exists in the IEC 61850 in MicroSCADA X SYS600 product. The certificate validation of the TLS protocol a

Share

CVE-2025-39203 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy