CVE-2022-3388

HIGH

Hitachi Energy MicroSCADA SYS600 - Authenticated Remote Code Execution

Title source: manual

Description

An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA Pro and MicroSCADA X SYS600. An authenticated user can launch an administrator level remote code execution irrespective of the authenticated user's role.

References (1)

Core 1

Core References

Vendor Advisory

https://search.abb.com/library/Download.aspx?DocumentID=8DBD000123&LanguageCode=en&DocumentPartId=&Action=Launch&elqaid=4293&elqat=1

Scores

CVSS v3 8.8

EPSS 0.0028

EPSS Percentile 19.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Details

CWE

CWE-20

Status published

Products (13)

hitachienergy/microscada_pro_sys600 9.0

hitachienergy/microscada_pro_sys600 9.1

hitachienergy/microscada_pro_sys600 9.2

hitachienergy/microscada_pro_sys600 9.3

hitachienergy/microscada_pro_sys600 9.4

hitachienergy/microscada_x_sys600 10

hitachienergy/microscada_x_sys600 10.1

hitachienergy/microscada_x_sys600 10.1.1

hitachienergy/microscada_x_sys600 10.2

hitachienergy/microscada_x_sys600 10.2.1

... and 3 more

Published Nov 21, 2022

Tracked Since Feb 18, 2026