Skip to main content

Microscada X Sys600 CVE-2025-39205

| EUVDEUVD-2025-19012 MEDIUM
Improper Certificate Validation (CWE-295)
2025-06-24 cybersecurity@hitachienergy.com
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

3
EUVD ID Assigned
Mar 15, 2026 - 22:36 euvd
EUVD-2025-19012
Analysis Generated
Mar 15, 2026 - 22:36 vuln.today
CVE Published
Jun 24, 2025 - 13:15 nvd
MEDIUM 6.5

DescriptionCVE.org

A vulnerability exists in the IEC 61850 in MicroSCADA X SYS600 product. The certificate validation of the TLS protocol allows remote Man-in-the-Middle attack due to missing proper validation.

Analysis

A vulnerability exists in the IEC 61850 in MicroSCADA X SYS600 product. The certificate validation of the TLS protocol allows remote Man-in-the-Middle attack due to missing proper validation.

Technical ContextAI

This vulnerability is classified as Improper Certificate Validation (CWE-295).

RemediationAI

Monitor vendor advisories for patches. Apply mitigations such as network segmentation, access restrictions, and monitoring.

CVE-2024-7940 CRITICAL
9.8 Aug 27

The product exposes a service that is intended for local only to all network interfaces without any authentication. Rate

CVE-2024-4872 HIGH
8.8 Aug 27

A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. Rated high severity (CVSS 8.8), t

CVE-2024-3980 HIGH
8.8 Aug 27

The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names that

CVE-2022-29490 HIGH
8.8 Sep 12

Improper Authorization vulnerability exists in the Workplace X WebUI of the Hitachi Energy MicroSCADA X SYS600 allows an

CVE-2024-3982 HIGH
8.2 Aug 27

An attacker with local access to machine where MicroSCADA X SYS600 is installed, could enable the session logging suppor

CVE-2022-3388 HIGH
7.8 Nov 21

An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA Pro and MicroSCADA X SYS600. Rated h

CVE-2022-2277 HIGH
7.5 Sep 14

Improper Input Validation vulnerability exists in the Hitachi Energy MicroSCADA X SYS600's ICCP stack during the ICCP co

CVE-2022-29922 HIGH
7.5 Sep 14

Improper Input Validation vulnerability in the handling of a specially crafted IEC 61850 packet with a valid data item b

CVE-2022-29492 HIGH
7.5 Sep 14

Improper Input Validation vulnerability in the handling of a malformed IEC 104 TCP packet in the Hitachi Energy MicroSCA

CVE-2025-39202 HIGH
7.3 Jun 24

CVE-2025-39202 is a local privilege escalation vulnerability in MicroSCADA X SYS600's Monitor Pro interface that allows

CVE-2025-39204 MEDIUM
6.5 Jun 24

A vulnerability exists in the Web interface of the MicroSCADA X SYS600 product. The filtering query in the Web interface

CVE-2025-39203 MEDIUM
6.5 Jun 24

A vulnerability exists in the IEC 61850 of the MicroSCADA X SYS600 product. An IEC 61850-8 crafted message content from

Share

CVE-2025-39205 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy