Skip to main content

Microscada X Sys600

16 CVEs product

Monthly

CVE-2025-39205 MEDIUM This Month

A vulnerability exists in the IEC 61850 in MicroSCADA X SYS600 product. The certificate validation of the TLS protocol allows remote Man-in-the-Middle attack due to missing proper validation.

Information Disclosure Microscada X Sys600
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-39204 MEDIUM This Month

A vulnerability exists in the Web interface of the MicroSCADA X SYS600 product. The filtering query in the Web interface can be malformed, so returning data can leak unauthorized information to the user.

Information Disclosure Microscada X Sys600
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-39203 MEDIUM This Month

A vulnerability exists in the IEC 61850 of the MicroSCADA X SYS600 product. An IEC 61850-8 crafted message content from IED or remote system can cause a denial of service resulting in disconnection loop.

Denial Of Service Microscada X Sys600
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-39202 HIGH This Week

CVE-2025-39202 is a local privilege escalation vulnerability in MicroSCADA X SYS600's Monitor Pro interface that allows authenticated users with low privileges to read and overwrite arbitrary files, leading to information disclosure and data corruption. The vulnerability affects the SYS600 product line and requires local access with valid credentials; while the CVSS score of 7.3 indicates moderate-to-high severity, real-world exploitability depends on whether this vulnerability has been added to CISA's KEV catalog or has publicly available proof-of-concept code.

Siemens SCADA Information Disclosure Path Traversal Microscada X Sys600
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-39201 MEDIUM This Month

A vulnerability exists in MicroSCADA X SYS600 product. If exploited this could allow a local unauthenticated attacker to tamper a system file, making denial of Notify service.

Privilege Escalation Microscada X Sys600
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-7941 MEDIUM This Month

An HTTP parameter may contain a URL value and could cause the web application to redirect the request to the specified URL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Microscada X Sys600
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-7940 CRITICAL Act Now

The product exposes a service that is intended for local only to all network interfaces without any authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microscada X Sys600
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-4872 HIGH This Week

A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Nosql Injection Microscada Pro Sys600 Microscada X Sys600
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-3982 HIGH This Week

An attacker with local access to machine where MicroSCADA X SYS600 is installed, could enable the session logging supporting the product and try to exploit a session hijacking of an already. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microscada X Sys600
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2024-3980 HIGH This Week

The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names that are used in filesystem operations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Microscada Pro Sys600 Microscada X Sys600
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-3388 HIGH This Week

An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA Pro and MicroSCADA X SYS600. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Microscada Pro Sys600 Microscada X Sys600
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-2277 HIGH This Week

Improper Input Validation vulnerability exists in the Hitachi Energy MicroSCADA X SYS600's ICCP stack during the ICCP communication establishment causes a denial-of-service when ICCP of SYS600 is. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microscada X Sys600
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-29922 HIGH This Week

Improper Input Validation vulnerability in the handling of a specially crafted IEC 61850 packet with a valid data item but with incorrect data type in the IEC 61850 OPC Server in the Hitachi Energy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microscada X Sys600
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-29492 HIGH This Week

Improper Input Validation vulnerability in the handling of a malformed IEC 104 TCP packet in the Hitachi Energy MicroSCADA X SYS600, MicroSCADA Pro SYS600. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microscada X Sys600
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-1778 MEDIUM This Month

Improper Input Validation vulnerability in Hitachi Energy MicroSCADA X SYS600 while reading a specific configuration file causes a buffer-overflow that causes a failure to start the SYS600. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Microscada X Sys600
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2022-29490 HIGH This Week

Improper Authorization vulnerability exists in the Workplace X WebUI of the Hitachi Energy MicroSCADA X SYS600 allows an authenticated user to execute any MicroSCADA internal scripts irrespective of. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Microscada X Sys600
NVD
CVSS 3.1
8.8
EPSS
0.6%
EPSS 0% CVSS 6.5
MEDIUM This Month

A vulnerability exists in the IEC 61850 in MicroSCADA X SYS600 product. The certificate validation of the TLS protocol allows remote Man-in-the-Middle attack due to missing proper validation.

Information Disclosure Microscada X Sys600
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A vulnerability exists in the Web interface of the MicroSCADA X SYS600 product. The filtering query in the Web interface can be malformed, so returning data can leak unauthorized information to the user.

Information Disclosure Microscada X Sys600
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A vulnerability exists in the IEC 61850 of the MicroSCADA X SYS600 product. An IEC 61850-8 crafted message content from IED or remote system can cause a denial of service resulting in disconnection loop.

Denial Of Service Microscada X Sys600
NVD
EPSS 0% CVSS 7.3
HIGH This Week

CVE-2025-39202 is a local privilege escalation vulnerability in MicroSCADA X SYS600's Monitor Pro interface that allows authenticated users with low privileges to read and overwrite arbitrary files, leading to information disclosure and data corruption. The vulnerability affects the SYS600 product line and requires local access with valid credentials; while the CVSS score of 7.3 indicates moderate-to-high severity, real-world exploitability depends on whether this vulnerability has been added to CISA's KEV catalog or has publicly available proof-of-concept code.

Siemens SCADA Information Disclosure +2
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

A vulnerability exists in MicroSCADA X SYS600 product. If exploited this could allow a local unauthenticated attacker to tamper a system file, making denial of Notify service.

Privilege Escalation Microscada X Sys600
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

An HTTP parameter may contain a URL value and could cause the web application to redirect the request to the specified URL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Microscada X Sys600
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

The product exposes a service that is intended for local only to all network interfaces without any authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microscada X Sys600
NVD
EPSS 0% CVSS 8.8
HIGH This Week

A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Nosql Injection Microscada Pro Sys600 +1
NVD
EPSS 0% CVSS 8.2
HIGH This Week

An attacker with local access to machine where MicroSCADA X SYS600 is installed, could enable the session logging supporting the product and try to exploit a session hijacking of an already. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microscada X Sys600
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names that are used in filesystem operations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Microscada Pro Sys600 Microscada X Sys600
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA Pro and MicroSCADA X SYS600. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Microscada Pro Sys600 Microscada X Sys600
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Improper Input Validation vulnerability exists in the Hitachi Energy MicroSCADA X SYS600's ICCP stack during the ICCP communication establishment causes a denial-of-service when ICCP of SYS600 is. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microscada X Sys600
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Improper Input Validation vulnerability in the handling of a specially crafted IEC 61850 packet with a valid data item but with incorrect data type in the IEC 61850 OPC Server in the Hitachi Energy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microscada X Sys600
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Improper Input Validation vulnerability in the handling of a malformed IEC 104 TCP packet in the Hitachi Energy MicroSCADA X SYS600, MicroSCADA Pro SYS600. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microscada X Sys600
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Improper Input Validation vulnerability in Hitachi Energy MicroSCADA X SYS600 while reading a specific configuration file causes a buffer-overflow that causes a failure to start the SYS600. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Microscada X Sys600
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Improper Authorization vulnerability exists in the Workplace X WebUI of the Hitachi Energy MicroSCADA X SYS600 allows an authenticated user to execute any MicroSCADA internal scripts irrespective of. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Microscada X Sys600
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy