CVE-2022-3388

Published Nov 21, 2022

Last updated a year ago

CVSS high 7.8

Overview

Description: An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA Pro and MicroSCADA X SYS600. An authenticated user can launch an administrator level remote code execution irrespective of the authenticated user's role.
Source: cybersecurity@hitachienergy.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

nvd@nist.gov: CWE-20
cybersecurity@hitachienergy.com: CWE-20

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "04AC7D20-659E-4844-A5A1-5B995FDB1B44"
          },
          {
            "criteria": "cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0A63E12C-E39C-420F-AEA2-377A60E03A28"
          },
          {
            "criteria": "cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FCD469ED-619F-4075-923A-8D6E15245831"
          },
          {
            "criteria": "cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0577CAD7-1C5C-40D6-B20B-56F532642583"
          },
          {
            "criteria": "cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ECDCF4E1-FCCC-4984-AE92-3C188B469E63"
          },
          {
            "criteria": "cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "606A7937-B800-4862-9B38-91E10BD54184"
          },
          {
            "criteria": "cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "572594C5-7BDF-4555-954E-59AC83373E0B"
          },
          {
            "criteria": "cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E9F9C6EE-D049-42E7-8843-9C732DCB1E49"
          },
          {
            "criteria": "cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2D603FC1-851F-49DD-931C-E74F142F6281"
          },
          {
            "criteria": "cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8617D0B8-0516-4CA2-9CFA-B9B65D8E125F"
          },
          {
            "criteria": "cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EC293ABD-343C-4DE1-BE14-E3033DE094AE"
          },
          {
            "criteria": "cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "571AF4DB-6A32-49CF-B8E9-8224A084BE35"
          },
          {
            "criteria": "cpe:2.3:a:hitachienergy:microscada_x_sys600:10.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9E8462B2-9E02-414C-96DA-98C812089F56"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References