A vulnerability exists in the Web interface of the MicroSCADA X SYS600 product. The filtering query in the Web interface can be malformed, so returning data can leak unauthorized information to the user.
Existe una vulnerabilidad en la interfaz web del producto MicroSCADA X SYS600. La consulta de filtrado en la interfaz web puede estar malformada, por lo que los datos devueltos pueden filtrar informaciĆ³n no autorizada al usuario.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
| Attack Vector | NETWORK |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | LOW |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | NONE |
| Availability Impact | NONE |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
| Attack Vector | NETWORK |
|---|---|
| Attack Complexity | LOW |
| Attack Requirements | NONE |
| Privileges Required | LOW |
| User Interaction | NONE |
| Vulnerability Confidentiality | HIGH |
| Vulnerability Integrity | NONE |
| Vulnerability Availability | NONE |
| Subsequent Confidentiality | HIGH |
| Subsequent Integrity | HIGH |
| Subsequent Availability | HIGH |
Source: [email protected]
Type: Secondary
| Source | Type | Description |
|---|---|---|
| [email protected] | Secondary |
en
CWE-200
|
| [email protected] | Primary |
en
NVD-CWE-noinfo
|
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| hitachienergy | microscada_x_sys600 | * | <built-in method update of dict object at 0x72a9b0c99300> | Application |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:hitachienergy:microscada_x_sys600:*:*:*:*:*:*:*:* |