Search
Search Results (105 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-1168 | 1 Hitachienergy | 2 Sys600, Sys600 Firmware | 2024-11-21 | N/A |
| This vulnerability allows local attackers to escalate privileges on vulnerable installations of ABB MicroSCADA 9.3 with FP 1-2-3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of the access controls for the installed product files. The installation procedure leaves critical files open to manipulation by any authenticated user. An attacker can leverage this vulnerability to escalate privileges to SYSTEM. Was ZDI-CAN-5097. | ||||
| CVE-2018-14805 | 1 Hitachienergy | 1 Esoms | 2024-11-21 | N/A |
| ABB eSOMS version 6.0.2 may allow unauthorized access to the system when LDAP is set to allow anonymous authentication, and specific key values within the eSOMS web.config file are present. Both conditions are required to exploit this vulnerability. | ||||
| CVE-2024-3982 | 2 Hitachi, Hitachienergy | 2 Microscada X Sys600, Microscada X Sys600 | 2024-10-30 | 8.2 High |
| An attacker with local access to machine where MicroSCADA X SYS600 is installed, could enable the session logging supporting the product and try to exploit a session hijacking of an already established session. By default, the session logging level is not enabled and only users with administrator rights can enable it. | ||||
| CVE-2024-7941 | 1 Hitachienergy | 1 Microscada X Sys600 | 2024-10-30 | 4.3 Medium |
| An HTTP parameter may contain a URL value and could cause the web application to redirect the request to the specified URL. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. | ||||
| CVE-2024-7940 | 1 Hitachienergy | 1 Microscada X Sys600 | 2024-08-28 | 8.3 High |
| The product exposes a service that is intended for local only to all network interfaces without any authentication. | ||||