CVE-2024-3980

CRITICAL

MicroSCADA Pro/X SYS600 - Path Traversal

Title source: llm

Description

The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names that are used in filesystem operations. If exploited the vulnerability allows the attacker to access or modify system files or other files that are critical to the application.

References (1)

Core 1

Core References

Vendor Advisory

https://publisher.hitachienergy.com/preview?DocumentID=8DBD000160&LanguageCode=en&DocumentPartId=&Action=Launch

Scores

CVSS v3 9.9

EPSS 0.0061

EPSS Percentile 44.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-22

Status published

Products (2)

hitachienergy/microscada_pro_sys600 9.4 fixpack_1 (6 CPE variants)

hitachienergy/microscada_x_sys600 10.0 - 10.6

Published Aug 27, 2024

Tracked Since Feb 18, 2026