CVE-2024-7941

MEDIUM

Hitachi Energy MicroSCADA X SYS600 - Open Redirect via HTTP Parameter

Title source: llm

Description

An HTTP parameter may contain a URL value and could cause the web application to redirect the request to the specified URL. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.

References (1)

Core 1

Core References

Vendor Advisory

https://publisher.hitachienergy.com/preview?DocumentID=8DBD000160&LanguageCode=en&DocumentPartId=&Action=Launch

Scores

CVSS v3 4.3

EPSS 0.0032

EPSS Percentile 23.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-601

Status published

Products (1)

hitachienergy/microscada_x_sys600 10.5

Published Aug 27, 2024

Tracked Since Feb 18, 2026