Pro and MicroSCADA X SYS600. An authenticated user can launch an administrator level remote code execution irrespective of the authenticated user's role.
Solution
For SYS600 9.x: update to SYS600 version 9.4 FP2 Hotfix 5 when it is released, or upgrade to at least SYS600 version 10.4.1. Installing SYS600 9.4 FP2 Hotfix 5 requires that at least SYS600 9.4 FP2 Hotfix 4 is already installed.
CPE:
cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.0:*:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.1:*:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.2:*:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.3:*:*:*:*:*:*:*
cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:*:*:*:*:*:*:*
Workaround
Recommended security practices and firewall configurations can help protect a process control network from attacks that originate from outside the network. Such practices include physically protecting process control systems from direct access by unauthorized personnel, ensuring they have no direct connections to the Internet, and separating them from other networks by means of a firewall system that has a minimal number of ports exposed, along with other measures that have to be evaluated case by case. Process control systems should not be used for Internet surfing, instant messaging, or receiving e-mails. Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system. Proper password policies and processes should be followed. We recommend following the cybersecurity deployment guideline: 1MRK511518 MicroSCADA X Cyber Security Deployment Guideline.
Wed, 23 Jul 2025 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA Pro and MicroSCADA X SYS600. An authenticated user can launch an administrator level remote code execution irrespective of the authenticated user's role. | An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA Pro and MicroSCADA X SYS600. An authenticated user can launch an administrator level remote code execution irrespective of the authenticated user's role. |

Status: PUBLISHED
Assigner: Hitachi Energy
Published:
Updated: 2025-07-23T20:45:00.000Z
Reserved: 2022-09-30T00:00:00.000Z
Link: CVE-2022-3388

Status : Modified
Published: 2022-11-21T19:15:13.353
Modified: 2025-07-23T21:15:25.387
Link: CVE-2022-3388