CVE-2024-3980

moderate-risk
Published 2024-08-27

The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names that are used in filesystem operations. If exploited the vulnerability allows the attacker to access or modify system files or other files that are critical to the application.

Do I need to act?

-
0.65% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.9/10 Critical
NETWORK / LOW complexity

Affected Products (7)

Microscada Pro Sys600
Microscada Pro Sys600
Microscada Pro Sys600
Microscada Pro Sys600
Microscada Pro Sys600
Microscada Pro Sys600
Microscada X Sys600

Affected Vendors

Hitachienergy

References (1)

Vendor Advisory https://publisher.hitachienergy.com/preview?DocumentID=8DBD000160&LanguageCode=e...
49
/ 100
moderate-risk
Severity 33/34 · Critical
Exploitability 2/34 · Minimal
Exposure 14/34 · Moderate