An attacker with local access to the machine where MicroSCADA X SYS600 is installed could enable the session logging supporting the product and try to hijack an already established session. By default, the session logging level is not enabled and only users with administrator rights can enable it.
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
| Metric | Value |
|---|---|
| Attack Vector | LOCAL |
| Attack Complexity | LOW |
| Privileges Required | HIGH |
| User Interaction | NONE |
| Scope | CHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | HIGH |
| Availability Impact | HIGH |
| Source | Type | Description |
|---|---|---|
| [email protected] | Secondary | en: CWE-294 |
| [email protected] | Primary | en: CWE-294 |
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| hitachienergy | microscada_x_sys600 | * | * | Application |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:hitachienergy:microscada_x_sys600:*:*:*:*:*:*:*:* |