An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA Pro and MicroSCADA X SYS600. An authenticated user can launch an administrator level remote code execution irrespective of the authenticated user's role.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

| Metric | Value |
|---|---|
| Attack Vector | LOCAL |
| Attack Complexity | LOW |
| Privileges Required | LOW |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | HIGH |
| Availability Impact | HIGH |

| Source | Type | Description |
|---|---|---|
| [email protected] | Secondary | CWE-20 (en) |
| [email protected] | Primary | CWE-20 (en) |

| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| hitachienergy | microscada_pro_sys600 | 9.0 | * | Application |
| hitachienergy | microscada_pro_sys600 | 9.1 | * | Application |
| hitachienergy | microscada_pro_sys600 | 9.2 | * | Application |
| hitachienergy | microscada_pro_sys600 | 9.3 | * | Application |
| hitachienergy | microscada_pro_sys600 | 9.4 | * | Application |
| hitachienergy | microscada_x_sys600 | 10 | * | Application |
| hitachienergy | microscada_x_sys600 | 10.1 | * | Application |
| hitachienergy | microscada_x_sys600 | 10.1.1 | * | Application |
| hitachienergy | microscada_x_sys600 | 10.2 | * | Application |
| hitachienergy | microscada_x_sys600 | 10.2.1 | * | Application |
| hitachienergy | microscada_x_sys600 | 10.3 | * | Application |
| hitachienergy | microscada_x_sys600 | 10.3.1 | * | Application |
| hitachienergy | microscada_x_sys600 | 10.4 | * | Application |

| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.1:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.2:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.3:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:hitachienergy:microscada_x_sys600:10.4:*:*:*:*:*:*:* |