Products
MicroSCADA X SYS600
Source
cybersecurity@hitachienergy.com
Tags
CVE-2024-3982 details
Published : Aug. 27, 2024, 1:15 p.m.
Last Modified : Aug. 27, 2024, 3:52 p.m.
Last Modified : Aug. 27, 2024, 3:52 p.m.
Description
An attacker with local access to machine where MicroSCADA X SYS600 is installed, could enable the session logging supporting the product and try to exploit a session hijacking of an already established session. By default, the session logging level is not enabled and only users with administrator rights can enable it.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8.2 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-294 | Authentication Bypass by Capture-replay | A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes). |
CVSS Data
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
8.2
Exploitability Score
1.5
Impact Score
6.0
Base Severity
HIGH
Vector String : CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
References
| URL | Source |
|---|---|
| https://publisher.hitachienergy.com/preview?DocumentID=8DBD000160&LanguageCode=en&DocumentPartId=&Action=Launch | cybersecurity@hitachienergy.com |
This website uses the NVD API, but is not approved or certified by it.