CVE-2024-4872

moderate-risk
Published 2024-08-27

A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. If exploited this could allow an authenticated attacker to inject code towards persistent data. Note that to successfully exploit this vulnerability an attacker must have a valid credential.

Do I need to act?

-
0.50% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.9/10 Critical
NETWORK / LOW complexity

Affected Products (6)

Microscada Pro Sys600
Microscada Pro Sys600
Microscada Pro Sys600
Microscada Pro Sys600
Microscada Pro Sys600
Microscada X Sys600

Affected Vendors

Hitachienergy

References (1)

Vendor Advisory https://publisher.hitachienergy.com/preview?DocumentID=8DBD000160&LanguageCode=e...
48
/ 100
moderate-risk
Severity 33/34 · Critical
Exploitability 2/34 · Minimal
Exposure 13/34 · Low