An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA
Pro and MicroSCADA X SYS600. An authenticated user can launch an administrator level remote code execution irrespective of the authenticated user's role.
Fixes

Solution

For SYS600 9.x: update to at SYS600 version SYS600 9.4 FP2 Hotfix 5 when it is released or upgrade to at least SYS600 version 10.4.1. A requirement to install SYS600 9.4 FP2 Hotfix 5 is to have at least the SYS600 9.4 FP2 Hotfix 4 installed. CPE:  cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.0:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:*:*:*:*:*:*:*


Workaround

Recommended security practices and firewall configurations can help protect a process control network from attacks that originate from outside the network. Such practices include that process control systems are physically protected from direct access by unauthorized personnel, have no direct connections to the Internet, and are separated from other networks by means of a firewall system that has a minimal number of ports exposed, and others that have to be evaluated case by case. Process control systems should not be used for Internet surfing, instant messaging, or receiving e-mails. Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system. Proper password policies and processes should be followed. We recommend following the cybersecurity deployment guideline as follows: 1MRK511518 MicroSCADA X Cyber Security Deployment Guideline.

History

Wed, 23 Jul 2025 21:15:00 +0000

Type Values Removed Values Added
Description An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA Pro and MicroSCADA X SYS600. An authenticated user can launch an administrator level remote code execution irrespective of the authenticated user's role. An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA Pro and MicroSCADA X SYS600. An authenticated user can launch an administrator level remote code execution irrespective of the authenticated user's role.

cve-icon MITRE

Status: PUBLISHED

Assigner: Hitachi Energy

Published:

Updated: 2025-07-23T20:45:00.000Z

Reserved: 2022-09-30T00:00:00.000Z

Link: CVE-2022-3388

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-11-21T19:15:13.353

Modified: 2025-07-23T21:15:25.387

Link: CVE-2022-3388

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.