Filtered by vendor Hitachienergy
Subscriptions
Total
91 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-4872 | 1 Hitachienergy | 2 Microscada Sys600, Microscada X Sys600 | 2024-09-05 | 9.9 Critical |
The product does not validate any query towards persistent data, resulting in a risk of injection attacks. | ||||
CVE-2024-3980 | 1 Hitachienergy | 2 Microscada Sys600, Microscada X Sys600 | 2024-08-30 | 9.9 Critical |
The product allows user input to control or influence paths or file names that are used in filesystem operations, allowing the attacker to access or modify system files or other files that are critical to the application. | ||||
CVE-2024-3982 | 2 Hitachi, Hitachienergy | 2 Microscada X Sys600, Microscada X Sys600 | 2024-08-28 | 8.2 High |
An attacker with local access to machine where MicroSCADA X SYS600 is installed, could enable the session logging supporting the product and try to exploit a session hijacking of an already established session. By default, the session logging level is not enabled and only users with administrator rights can enable it. | ||||
CVE-2024-7940 | 1 Hitachienergy | 1 Microscada X Sys600 | 2024-08-28 | 8.3 High |
The product exposes a service that is intended for local only to all network interfaces without any authentication. | ||||
CVE-2024-7941 | 1 Hitachienergy | 1 Microscada X Sys600 | 2024-08-28 | 4.3 Medium |
An HTTP parameter may contain a URL value and could cause the web application to redirect the request to the specified URL. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. | ||||
CVE-2022-3864 | 1 Hitachienergy | 6 Relion 650, Relion 650 Firmware, Relion 670 and 3 more | 2024-08-27 | 4.5 Medium |
A vulnerability exists in the Relion update package signature validation. A tampered update package could cause the IED to restart. After restart the device is back to normal operation. An attacker could exploit the vulnerability by first gaining access to the system with security privileges and attempt to update the IED with a malicious update package. Successful exploitation of this vulnerability will cause the IED to restart, causing a temporary Denial of Service. | ||||
CVE-2024-28024 | 1 Hitachienergy | 2 Foxman-un, Unem | 2024-08-15 | 1.9 Low |
A vulnerability exists in the FOXMAN-UN/UNEM in which sensitive information is stored in cleartext within a resource that might be accessible to another control sphere. | ||||
CVE-2024-28022 | 1 Hitachienergy | 2 Foxman-un, Unem | 2024-08-15 | 6.5 Medium |
A vulnerability exists in the FOXMAN-UN/UNEM server / APIGateway that if exploited allows a malicious user to perform an arbitrary number of authentication attempts using different passwords, and eventually gain access to the targeted account. | ||||
CVE-2024-28020 | 1 Hitachienergy | 2 Foxman Un, Unem | 2024-08-15 | 8 High |
A user/password reuse vulnerability exists in the FOXMAN-UN/UNEMÂ application and server management. If exploited a malicious user could use the passwords and login information to extend access on the server and other services. | ||||
CVE-2024-28021 | 1 Hitachienergy | 3 Foxman-un, Foxman Un, Unem | 2024-08-15 | 8 High |
A vulnerability exists in the FOXMAN-UN/UNEM server that affects the message queueing mechanism’s certificate validation. If exploited an attacker could spoof a trusted entity causing a loss of confidentiality and integrity. | ||||
CVE-2024-2011 | 1 Hitachienergy | 2 Foxman-un, Unem | 2024-08-15 | 8.6 High |
A heap-based buffer overflow vulnerability exists in the FOXMAN-UN/UNEM that if exploited will generally lead to a denial of service but can be used to execute arbitrary code, which is usually outside the scope of a program's implicit security policy | ||||
CVE-2024-2012 | 1 Hitachienergy | 2 Foxman-un, Unem | 2024-08-15 | 9.1 Critical |
vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that if exploited an attacker could use to allow unintended commands or code to be executed on the UNEM server allowing sensitive data to be read or modified or could cause other unintended behavior | ||||
CVE-2024-2013 | 1 Hitachienergy | 2 Foxman-un, Unem | 2024-08-15 | 10 Critical |
An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway component that if exploited allows attackers without any access to interact with the services and the post-authentication attack surface. | ||||
CVE-2017-16731 | 1 Hitachienergy | 1 Ellipse | 2024-08-05 | N/A |
An Unprotected Transport of Credentials issue was discovered in ABB Ellipse 8.3 through Ellipse 8.9 released prior to December 2017 (including Ellipse Select). A vulnerability exists in the authentication of Ellipse to LDAP/AD using the LDAP protocol. An attacker could exploit the vulnerability by sniffing local network traffic, allowing the discovery of authentication credentials. | ||||
CVE-2017-15583 | 1 Hitachienergy | 2 Fox515t, Fox515t Firmware | 2024-08-05 | N/A |
The embedded web server on ABB Fox515T 1.0 devices is vulnerable to Local File Inclusion. It accepts a parameter that specifies a file for display or for use as a template. The filename is not validated; an attacker could retrieve any file. | ||||
CVE-2017-14025 | 1 Hitachienergy | 2 Fox515t, Fox515t Firmware | 2024-08-05 | N/A |
An Improper Input Validation issue was discovered in ABB FOX515T release 1.0. An improper input validation vulnerability has been identified, allowing a local attacker to provide a malicious parameter to the script that is not validated by the application, This could enable the attacker to retrieve any file on the server. | ||||
CVE-2018-20720 | 1 Hitachienergy | 2 Relion 630, Relion 630 Firmware | 2024-08-05 | N/A |
ABB Relion 630 devices 1.1 before 1.1.0.C0, 1.2 before 1.2.0.B3, and 1.3 before 1.3.0.A6 allow remote attackers to cause a denial of service (reboot) via a reboot command in an SPA message. | ||||
CVE-2018-14805 | 1 Hitachienergy | 1 Esoms | 2024-08-05 | N/A |
ABB eSOMS version 6.0.2 may allow unauthorized access to the system when LDAP is set to allow anonymous authentication, and specific key values within the eSOMS web.config file are present. Both conditions are required to exploit this vulnerability. | ||||
CVE-2018-1168 | 1 Hitachienergy | 2 Sys600, Sys600 Firmware | 2024-08-05 | N/A |
This vulnerability allows local attackers to escalate privileges on vulnerable installations of ABB MicroSCADA 9.3 with FP 1-2-3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of the access controls for the installed product files. The installation procedure leaves critical files open to manipulation by any authenticated user. An attacker can leverage this vulnerability to escalate privileges to SYSTEM. Was ZDI-CAN-5097. | ||||
CVE-2019-19093 | 1 Hitachienergy | 1 Esoms | 2024-08-05 | 6.5 Medium |
eSOMS versions 4.0 to 6.0.3 do not enforce password complexity settings, potentially resulting in lower access security due to insecure user passwords. |