VYPR

MicroSCADA X SYS600

by Hitachi

CVEs (17)

  • CVE-2024-4872CriAug 27, 2024
    risk 0.64cvss 9.9epss 0.01

    A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. If exploited this could allow an authenticated attacker to inject code towards persistent data. Note that to successfully exploit this vulnerability an attacker must have a valid credential.

  • CVE-2024-3980CriAug 27, 2024
    risk 0.64cvss 9.9epss 0.01

    The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names that are used in filesystem operations. If exploited the vulnerability allows the attacker to access or modify system files or other files that are critical to the…

  • CVE-2022-3388HigNov 21, 2022
    risk 0.57cvss 8.8epss 0.00

    An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA Pro and MicroSCADA X SYS600. An authenticated user can launch an administrator level remote code execution irrespective of the authenticated user's role.

  • CVE-2022-29490HigSep 12, 2022
    risk 0.55cvss 8.5epss 0.01

    Improper Authorization vulnerability exists in the Workplace X WebUI of the Hitachi Energy MicroSCADA X SYS600 allows an authenticated user to execute any MicroSCADA internal scripts irrespective of the authenticated user's role. This issue affects: Hitachi Energy MicroSCADA X…

  • CVE-2024-7940HigAug 27, 2024
    risk 0.54cvss 8.3epss 0.01

    The product exposes a service that is intended for local only to all network interfaces without any authentication.

  • CVE-2024-3982HigAug 27, 2024
    risk 0.53cvss 8.2epss 0.00

    An attacker with local access to machine where MicroSCADA X SYS600 is installed, could enable the session logging supporting the product and try to exploit a session hijacking of an already established session. By default, the session logging level is not enabled and only users…

  • CVE-2022-2277HigSep 14, 2022
    risk 0.49cvss 7.5epss 0.01

    Improper Input Validation vulnerability exists in the Hitachi Energy MicroSCADA X SYS600's ICCP stack during the ICCP communication establishment causes a denial-of-service when ICCP of SYS600 is request to forward any data item updates with timestamps too distant in the future…

  • CVE-2022-29922HigSep 14, 2022
    risk 0.49cvss 7.5epss 0.01

    Improper Input Validation vulnerability in the handling of a specially crafted IEC 61850 packet with a valid data item but with incorrect data type in the IEC 61850 OPC Server in the Hitachi Energy MicroSCADA X SYS600, MicroSCADA Pro SYS600. The vulnerability may cause a…

  • CVE-2022-1778HigSep 14, 2022
    risk 0.49cvss 7.5epss 0.00

    Improper Input Validation vulnerability in Hitachi Energy MicroSCADA X SYS600 while reading a specific configuration file causes a buffer-overflow that causes a failure to start the SYS600. The configuration file can only be accessed by an administrator access. This issue…

  • CVE-2025-39202HigJun 24, 2025
    risk 0.47cvss 7.3epss 0.00

    A vulnerability exists in in the Monitor Pro interface of the MicroSCADA X SYS600 product. An authenticated user with low privileges can see and overwrite files causing information leak and data corruption.

  • CVE-2025-39205MedJun 24, 2025
    risk 0.42cvss 6.5epss 0.00

    A vulnerability exists in the IEC 61850 in MicroSCADA X SYS600 product. The certificate validation of the TLS protocol allows remote Man-in-the-Middle attack due to missing proper validation.

  • CVE-2025-39204MedJun 24, 2025
    risk 0.42cvss 6.5epss 0.00

    A vulnerability exists in the Web interface of the MicroSCADA X SYS600 product. The filtering query in the Web interface can be malformed, so returning data can leak unauthorized information to the user.

  • CVE-2025-39203MedJun 24, 2025
    risk 0.42cvss 6.5epss 0.00

    A vulnerability exists in the IEC 61850 of the MicroSCADA X SYS600 product. An IEC 61850-8 crafted message content from IED or remote system can cause a denial of service resulting in disconnection loop.

  • CVE-2025-39201MedJun 24, 2025
    risk 0.40cvss 6.1epss 0.00

    A vulnerability exists in MicroSCADA X SYS600 product. If exploited this could allow a local unauthenticated attacker to tamper a system file, making denial of Notify service.

  • CVE-2022-3353MedFeb 21, 2023
    risk 0.38cvss 5.9epss 0.01

    A vulnerability exists in the IEC 61850 communication stack that affects multiple Hitachi Energy products.  An attacker could exploit the vulnerability by using a specially crafted message sequence, to force the IEC 61850 MMS-server communication stack, to stop accepting…

  • CVE-2022-29492MedSep 14, 2022
    risk 0.35cvss 5.3epss 0.01

    Improper Input Validation vulnerability in the handling of a malformed IEC 104 TCP packet in the Hitachi Energy MicroSCADA X SYS600, MicroSCADA Pro SYS600. Upon receiving a malformed IEC 104 TCP packet, the malformed packet is dropped, however the TCP connection is left open.…

  • CVE-2024-7941MedAug 27, 2024
    risk 0.28cvss 4.3epss 0.00

    An HTTP parameter may contain a URL value and could cause the web application to redirect the request to the specified URL. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.