Hitachienergy: Security Vulnerabilities
Command injection vulnerability in the Edge Computing UI for the
TRO600 series radios that allows for the execution of arbitrary system commands. If exploited, an attacker with write access to the
web UI can execute commands on the device with root privileges,
far more extensive than what the write privilege intends.
CVSS Score
7.2
EPSS Score
0.004
Published
2024-10-29
Profile files from TRO600 series radios are extracted in plain-text
and encrypted file formats. Profile files provide potential attackers
valuable configuration information about the Tropos network. Profiles
can only be exported by authenticated users with higher privilege of write access.
CVSS Score
2.7
EPSS Score
0.001
Published
2024-10-29
The product exposes a service that is intended for local only to
all network interfaces without any authentication.
CVSS Score
8.3
EPSS Score
0.002
Published
2024-08-27
An HTTP parameter may contain a URL value and could cause
the web application to redirect the request to the specified URL.
By modifying the URL value to a malicious site, an attacker may
successfully launch a phishing scam and steal user credentials.
CVSS Score
4.3
EPSS Score
0.001
Published
2024-08-27
The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names
that are used in filesystem operations. If exploited the vulnerability allows the attacker to access or modify system files or
other files that are critical to the application.
CVSS Score
9.9
EPSS Score
0.002
Published
2024-08-27
An attacker with local access to machine where MicroSCADA X
SYS600 is installed, could enable the session logging supporting the product and try to exploit a session hijacking of an already established session. By default, the session logging level
is not enabled and only users with administrator rights can enable it.
CVSS Score
8.2
EPSS Score
0.0
Published
2024-08-27
A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. If exploited this could allow an authenticated attacker to inject code towards persistent data. Note that to successfully exploit this vulnerability
an attacker must have a valid credential.
CVSS Score
9.9
EPSS Score
0.003
Published
2024-08-27
A vulnerability exists in the UNEM server / APIGateway that if exploited allows a malicious user to perform an arbitrary number of
authentication attempts using different passwords, and eventually
gain access to other components in the same security realm using
the targeted account.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-06-11
A vulnerability exists in the FOXMAN-UN/UNEM in which sensitive information is
stored in cleartext within a resource that might be accessible to another control sphere.
CVSS Score
4.1
EPSS Score
0.0
Published
2024-06-11
A user/password reuse vulnerability exists in the FOXMAN-UN/UNEM application
and server management. If exploited a malicious high-privileged
user could use the passwords and login information through complex routines to extend access on the server and other services.
CVSS Score
8.0
EPSS Score
0.002
Published
2024-06-11
Page 1