Filtered by vendor Hitachienergy Subscriptions
Total 94 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2019-18253 1 Hitachienergy 2 Relion 670, Relion 670 Firmware 2024-11-21 10.0 Critical
An attacker could use specially crafted paths in a specific request to read or delete files from Relion 670 Series (versions 1p1r26, 1.2.3.17, 2.0.0.10, RES670 2.0.0.4, 2.1.0.1, and prior) outside the intended directory.
CVE-2019-18247 1 Hitachienergy 4 Relion 650, Relion 650 Firmware, Relion 670 and 1 more 2024-11-21 7.5 High
An attacker may use a specially crafted message to force Relion 650 series (versions 1.3.0.5 and prior) or Relion 670 series (versions 1.2.3.18, 2.0.0.11, 2.1.0.1 and prior) to reboot, which could cause a denial of service.
CVE-2018-20720 1 Hitachienergy 2 Relion 630, Relion 630 Firmware 2024-11-21 N/A
ABB Relion 630 devices 1.1 before 1.1.0.C0, 1.2 before 1.2.0.B3, and 1.3 before 1.3.0.A6 allow remote attackers to cause a denial of service (reboot) via a reboot command in an SPA message.
CVE-2018-1168 1 Hitachienergy 2 Sys600, Sys600 Firmware 2024-11-21 N/A
This vulnerability allows local attackers to escalate privileges on vulnerable installations of ABB MicroSCADA 9.3 with FP 1-2-3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of the access controls for the installed product files. The installation procedure leaves critical files open to manipulation by any authenticated user. An attacker can leverage this vulnerability to escalate privileges to SYSTEM. Was ZDI-CAN-5097.
CVE-2018-14805 1 Hitachienergy 1 Esoms 2024-11-21 N/A
ABB eSOMS version 6.0.2 may allow unauthorized access to the system when LDAP is set to allow anonymous authentication, and specific key values within the eSOMS web.config file are present. Both conditions are required to exploit this vulnerability.
CVE-2017-16731 1 Hitachienergy 1 Ellipse 2024-11-21 N/A
An Unprotected Transport of Credentials issue was discovered in ABB Ellipse 8.3 through Ellipse 8.9 released prior to December 2017 (including Ellipse Select). A vulnerability exists in the authentication of Ellipse to LDAP/AD using the LDAP protocol. An attacker could exploit the vulnerability by sniffing local network traffic, allowing the discovery of authentication credentials.
CVE-2017-15583 1 Hitachienergy 2 Fox515t, Fox515t Firmware 2024-11-21 N/A
The embedded web server on ABB Fox515T 1.0 devices is vulnerable to Local File Inclusion. It accepts a parameter that specifies a file for display or for use as a template. The filename is not validated; an attacker could retrieve any file.
CVE-2017-14025 1 Hitachienergy 2 Fox515t, Fox515t Firmware 2024-11-21 N/A
An Improper Input Validation issue was discovered in ABB FOX515T release 1.0. An improper input validation vulnerability has been identified, allowing a local attacker to provide a malicious parameter to the script that is not validated by the application, This could enable the attacker to retrieve any file on the server.
CVE-2024-41153 2 Hitachi Energy, Hitachienergy 7 Tro600, Tro610, Tro610 Firmware and 4 more 2024-10-31 7.2 High
Command injection vulnerability in the Edge Computing UI for the TRO600 series radios that allows for the execution of arbitrary system commands. If exploited, an attacker with write access to the web UI can execute commands on the device with root privileges, far more extensive than what the write privilege intends.
CVE-2024-3980 1 Hitachienergy 3 Microscada Pro Sys600, Microscada Sys600, Microscada X Sys600 2024-10-30 8.8 High
The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names that are used in filesystem operations. If exploited the vulnerability allows the attacker to access or modify system files or other files that are critical to the application.
CVE-2024-3982 2 Hitachi, Hitachienergy 2 Microscada X Sys600, Microscada X Sys600 2024-10-30 8.2 High
An attacker with local access to machine where MicroSCADA X SYS600 is installed, could enable the session logging supporting the product and try to exploit a session hijacking of an already established session. By default, the session logging level is not enabled and only users with administrator rights can enable it.
CVE-2024-4872 1 Hitachienergy 3 Microscada Pro Sys600, Microscada Sys600, Microscada X Sys600 2024-10-30 8.8 High
A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. If exploited this could allow an authenticated attacker to inject code towards persistent data. Note that to successfully exploit this vulnerability an attacker must have a valid credential.
CVE-2024-7941 1 Hitachienergy 1 Microscada X Sys600 2024-10-30 4.3 Medium
An HTTP parameter may contain a URL value and could cause the web application to redirect the request to the specified URL. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.
CVE-2024-7940 1 Hitachienergy 1 Microscada X Sys600 2024-08-28 8.3 High
The product exposes a service that is intended for local only to all network interfaces without any authentication.