Filtered by vendor Hitachienergy
Subscriptions
Total
91 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-26845 | 1 Hitachienergy | 1 Esoms | 2024-09-16 | 7.5 High |
Information Exposure vulnerability in Hitachi ABB Power Grids eSOMS allows unauthorized user to gain access to report data if the URL used to access the report is discovered. This issue affects: Hitachi ABB Power Grids eSOMS 6.0 versions prior to 6.0.4.2.2; 6.1 versions prior to 6.1.4; 6.3 versions prior to 6.3. | ||||
CVE-2022-1778 | 1 Hitachienergy | 2 Microscada X Sys600, Sys600 | 2024-09-16 | 7.5 High |
Improper Input Validation vulnerability in Hitachi Energy MicroSCADA X SYS600 while reading a specific configuration file causes a buffer-overflow that causes a failure to start the SYS600. The configuration file can only be accessed by an administrator access. This issue affects: Hitachi Energy MicroSCADA X SYS600 version 10 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:* | ||||
CVE-2021-35535 | 1 Hitachienergy | 6 Relion 650, Relion 650 Firmware, Relion 670 and 3 more | 2024-09-16 | 8.1 High |
Insecure Boot Image vulnerability in Hitachi Energy Relion Relion 670/650/SAM600-IO series allows an attacker who manages to get access to the front network port and to cause a reboot sequences of the device may exploit the vulnerability, where there is a tiny time gap during the booting process where an older version of VxWorks is loaded prior to application firmware booting, could exploit the vulnerability in the older version of VxWorks and cause a denial-of-service on the product. This issue affects: Hitachi Energy Relion 670 Series 2.2.2 all revisions; 2.2.3 versions prior to 2.2.3.3. Hitachi Energy Relion 670/650 Series 2.2.0 all revisions; 2.2.4 all revisions. Hitachi Energy Relion 670/650/SAM600-IO 2.2.1 all revisions. | ||||
CVE-2021-35528 | 1 Hitachienergy | 2 Counterparty Settlements And Billing, Retail Operations | 2024-09-16 | 7.2 High |
Improper Access Control vulnerability in the application authentication and authorization of Hitachi Energy Retail Operations, Counterparty Settlement and Billing (CSB) allows an attacker to execute a modified signed Java Applet JAR file. A successful exploitation may lead to data extraction or modification of data inside the application. This issue affects: Hitachi Energy Retail Operations 5.7.3 and prior versions. Hitachi Energy Counterparty Settlement and Billing (CSB) 5.7.3 prior versions. | ||||
CVE-2021-35531 | 1 Hitachienergy | 2 Txpert Hub Coretec 4, Txpert Hub Coretec 4 Firmware | 2024-09-16 | 6.7 Medium |
Improper Input Validation vulnerability in a particular configuration setting field of Hitachi Energy TXpert Hub CoreTec 4 product, allows an attacker with access to an authorized user with ADMIN or ENGINEER role rights to inject an OS command that is executed by the system. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0; 2.0.1; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1. | ||||
CVE-2024-4872 | 1 Hitachienergy | 2 Microscada Sys600, Microscada X Sys600 | 2024-09-05 | 9.9 Critical |
The product does not validate any query towards persistent data, resulting in a risk of injection attacks. | ||||
CVE-2024-3980 | 1 Hitachienergy | 2 Microscada Sys600, Microscada X Sys600 | 2024-08-30 | 9.9 Critical |
The product allows user input to control or influence paths or file names that are used in filesystem operations, allowing the attacker to access or modify system files or other files that are critical to the application. | ||||
CVE-2024-3982 | 2 Hitachi, Hitachienergy | 2 Microscada X Sys600, Microscada X Sys600 | 2024-08-28 | 8.2 High |
An attacker with local access to machine where MicroSCADA X SYS600 is installed, could enable the session logging supporting the product and try to exploit a session hijacking of an already established session. By default, the session logging level is not enabled and only users with administrator rights can enable it. | ||||
CVE-2024-7940 | 1 Hitachienergy | 1 Microscada X Sys600 | 2024-08-28 | 8.3 High |
The product exposes a service that is intended for local only to all network interfaces without any authentication. | ||||
CVE-2024-7941 | 1 Hitachienergy | 1 Microscada X Sys600 | 2024-08-28 | 4.3 Medium |
An HTTP parameter may contain a URL value and could cause the web application to redirect the request to the specified URL. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. | ||||
CVE-2022-3864 | 1 Hitachienergy | 6 Relion 650, Relion 650 Firmware, Relion 670 and 3 more | 2024-08-27 | 4.5 Medium |
A vulnerability exists in the Relion update package signature validation. A tampered update package could cause the IED to restart. After restart the device is back to normal operation. An attacker could exploit the vulnerability by first gaining access to the system with security privileges and attempt to update the IED with a malicious update package. Successful exploitation of this vulnerability will cause the IED to restart, causing a temporary Denial of Service. | ||||
CVE-2024-28024 | 1 Hitachienergy | 2 Foxman-un, Unem | 2024-08-15 | 1.9 Low |
A vulnerability exists in the FOXMAN-UN/UNEM in which sensitive information is stored in cleartext within a resource that might be accessible to another control sphere. | ||||
CVE-2024-28022 | 1 Hitachienergy | 2 Foxman-un, Unem | 2024-08-15 | 6.5 Medium |
A vulnerability exists in the FOXMAN-UN/UNEM server / APIGateway that if exploited allows a malicious user to perform an arbitrary number of authentication attempts using different passwords, and eventually gain access to the targeted account. | ||||
CVE-2024-28020 | 1 Hitachienergy | 2 Foxman Un, Unem | 2024-08-15 | 8 High |
A user/password reuse vulnerability exists in the FOXMAN-UN/UNEMÂ application and server management. If exploited a malicious user could use the passwords and login information to extend access on the server and other services. | ||||
CVE-2024-28021 | 1 Hitachienergy | 3 Foxman-un, Foxman Un, Unem | 2024-08-15 | 8 High |
A vulnerability exists in the FOXMAN-UN/UNEM server that affects the message queueing mechanism’s certificate validation. If exploited an attacker could spoof a trusted entity causing a loss of confidentiality and integrity. | ||||
CVE-2024-2011 | 1 Hitachienergy | 2 Foxman-un, Unem | 2024-08-15 | 8.6 High |
A heap-based buffer overflow vulnerability exists in the FOXMAN-UN/UNEM that if exploited will generally lead to a denial of service but can be used to execute arbitrary code, which is usually outside the scope of a program's implicit security policy | ||||
CVE-2024-2012 | 1 Hitachienergy | 2 Foxman-un, Unem | 2024-08-15 | 9.1 Critical |
vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that if exploited an attacker could use to allow unintended commands or code to be executed on the UNEM server allowing sensitive data to be read or modified or could cause other unintended behavior | ||||
CVE-2024-2013 | 1 Hitachienergy | 2 Foxman-un, Unem | 2024-08-15 | 10 Critical |
An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway component that if exploited allows attackers without any access to interact with the services and the post-authentication attack surface. | ||||
CVE-2017-16731 | 1 Hitachienergy | 1 Ellipse | 2024-08-05 | N/A |
An Unprotected Transport of Credentials issue was discovered in ABB Ellipse 8.3 through Ellipse 8.9 released prior to December 2017 (including Ellipse Select). A vulnerability exists in the authentication of Ellipse to LDAP/AD using the LDAP protocol. An attacker could exploit the vulnerability by sniffing local network traffic, allowing the discovery of authentication credentials. | ||||
CVE-2017-15583 | 1 Hitachienergy | 2 Fox515t, Fox515t Firmware | 2024-08-05 | N/A |
The embedded web server on ABB Fox515T 1.0 devices is vulnerable to Local File Inclusion. It accepts a parameter that specifies a file for display or for use as a template. The filename is not validated; an attacker could retrieve any file. |