Hitachienergy Microscada X Sys600 — known CVE vulnerabilities
Every CVE whose affected-product data names Hitachienergy Microscada X Sys600, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (16)
CVE-2024-3980 — CVSS 9.9 (critical): The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names that are used in…
CVE-2024-4872 — CVSS 9.9 (critical): A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. If exploited this could allow an authenticated…
CVE-2022-3388 — CVSS 8.8 (high): An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA Pro and MicroSCADA X SYS600. An authenticated user can…
CVE-2022-29490 — CVSS 8.5 (high): Improper Authorization vulnerability exists in the Workplace X WebUI of the Hitachi Energy MicroSCADA X SYS600 allows an authenticated user…
CVE-2024-7940 — CVSS 8.3 (high): The product exposes a service that is intended for local only to all network interfaces without any authentication.
CVE-2024-3982 — CVSS 8.2 (high): An attacker with local access to machine where MicroSCADA X SYS600 is installed, could enable the session logging supporting the product…
CVE-2022-1778 — CVSS 7.5 (high): Improper Input Validation vulnerability in Hitachi Energy MicroSCADA X SYS600 while reading a specific configuration file causes a…
CVE-2022-2277 — CVSS 7.5 (high): Improper Input Validation vulnerability exists in the Hitachi Energy MicroSCADA X SYS600's ICCP stack during the ICCP communication…
CVE-2022-29922 — CVSS 7.5 (high): Improper Input Validation vulnerability in the handling of a specially crafted IEC 61850 packet with a valid data item but with incorrect…
CVE-2025-39202 — CVSS 7.3 (high): A vulnerability exists in in the Monitor Pro interface of the MicroSCADA X SYS600 product. An authenticated user with low privileges can…
CVE-2025-39203 — CVSS 6.5 (medium): A vulnerability exists in the IEC 61850 of the MicroSCADA X SYS600 product. An IEC 61850-8 crafted message content from IED or remote…
CVE-2025-39204 — CVSS 6.5 (medium): A vulnerability exists in the Web interface of the MicroSCADA X SYS600 product. The filtering query in the Web interface can be malformed…
CVE-2025-39205 — CVSS 6.5 (medium): A vulnerability exists in the IEC 61850 in MicroSCADA X SYS600 product. The certificate validation of the TLS protocol allows remote…
CVE-2025-39201 — CVSS 6.1 (medium): A vulnerability exists in MicroSCADA X SYS600 product. If exploited this could allow a local unauthenticated attacker to tamper a system…
CVE-2022-29492 — CVSS 5.3 (medium): Improper Input Validation vulnerability in the handling of a malformed IEC 104 TCP packet in the Hitachi Energy MicroSCADA X SYS600…
CVE-2024-7941 — CVSS 4.3 (medium): An HTTP parameter may contain a URL value and could cause the web application to redirect the request to the specified URL. By modifying…