Filtered by vendor Hitachienergy
Subscribe
Total
98 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-39205 | 1 Hitachienergy | 1 Microscada X Sys600 | 2026-01-30 | N/A | 6.5 MEDIUM |
| A vulnerability exists in the IEC 61850 in MicroSCADA X SYS600 product. The certificate validation of the TLS protocol allows remote Man-in-the-Middle attack due to missing proper validation. | |||||
| CVE-2025-39201 | 1 Hitachienergy | 1 Microscada X Sys600 | 2026-01-26 | N/A | 6.1 MEDIUM |
| A vulnerability exists in MicroSCADA X SYS600 product. If exploited this could allow a local unauthenticated attacker to tamper a system file, making denial of Notify service. | |||||
| CVE-2025-39202 | 1 Hitachienergy | 1 Microscada X Sys600 | 2026-01-26 | N/A | 7.3 HIGH |
| A vulnerability exists in in the Monitor Pro interface of the MicroSCADA X SYS600 product. An authenticated user with low privileges can see and overwrite files causing information leak and data corruption. | |||||
| CVE-2025-39203 | 1 Hitachienergy | 1 Microscada X Sys600 | 2026-01-26 | N/A | 6.5 MEDIUM |
| A vulnerability exists in the IEC 61850 of the MicroSCADA X SYS600 product. An IEC 61850-8 crafted message content from IED or remote system can cause a denial of service resulting in disconnection loop. | |||||
| CVE-2025-39204 | 1 Hitachienergy | 1 Microscada X Sys600 | 2026-01-26 | N/A | 6.5 MEDIUM |
| A vulnerability exists in the Web interface of the MicroSCADA X SYS600 product. The filtering query in the Web interface can be malformed, so returning data can leak unauthorized information to the user. | |||||
| CVE-2024-41153 | 1 Hitachienergy | 6 Tro610, Tro610 Firmware, Tro620 and 3 more | 2025-10-24 | N/A | 7.2 HIGH |
| Command injection vulnerability in the Edge Computing UI for the TRO600 series radios that allows for the execution of arbitrary system commands. If exploited, an attacker with write access to the web UI can execute commands on the device with root privileges, far more extensive than what the write privilege intends. | |||||
| CVE-2022-3388 | 1 Hitachienergy | 2 Microscada Pro Sys600, Microscada X Sys600 | 2025-07-23 | N/A | 8.8 HIGH |
| An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA Pro and MicroSCADA X SYS600. An authenticated user can launch an administrator level remote code execution irrespective of the authenticated user's role. | |||||
| CVE-2024-28022 | 1 Hitachienergy | 2 Foxman-un, Unem | 2025-04-29 | N/A | 6.5 MEDIUM |
| A vulnerability exists in the UNEM server / APIGateway that if exploited allows a malicious user to perform an arbitrary number of authentication attempts using different passwords, and eventually gain access to other components in the same security realm using the targeted account. | |||||
| CVE-2017-16731 | 1 Hitachienergy | 1 Ellipse | 2025-04-20 | 2.9 LOW | 8.8 HIGH |
| An Unprotected Transport of Credentials issue was discovered in ABB Ellipse 8.3 through Ellipse 8.9 released prior to December 2017 (including Ellipse Select). A vulnerability exists in the authentication of Ellipse to LDAP/AD using the LDAP protocol. An attacker could exploit the vulnerability by sniffing local network traffic, allowing the discovery of authentication credentials. | |||||
| CVE-2017-15583 | 1 Hitachienergy | 2 Fox515t, Fox515t Firmware | 2025-04-20 | 5.0 MEDIUM | 6.5 MEDIUM |
| The embedded web server on ABB Fox515T 1.0 devices is vulnerable to Local File Inclusion. It accepts a parameter that specifies a file for display or for use as a template. The filename is not validated; an attacker could retrieve any file. | |||||
| CVE-2017-14025 | 1 Hitachienergy | 2 Fox515t, Fox515t Firmware | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| An Improper Input Validation issue was discovered in ABB FOX515T release 1.0. An improper input validation vulnerability has been identified, allowing a local attacker to provide a malicious parameter to the script that is not validated by the application, This could enable the attacker to retrieve any file on the server. | |||||
| CVE-2024-41156 | 1 Hitachienergy | 6 Tro610, Tro610 Firmware, Tro620 and 3 more | 2024-12-05 | N/A | 2.7 LOW |
| Profile files from TRO600 series radios are extracted in plain-text and encrypted file formats. Profile files provide potential attackers valuable configuration information about the Tropos network. Profiles can only be exported by authenticated users with higher privilege of write access. | |||||
| CVE-2024-2013 | 1 Hitachienergy | 2 Foxman-un, Unem | 2024-11-21 | N/A | 10.0 CRITICAL |
| An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway component that if exploited allows attackers without any access to interact with the services and the post-authentication attack surface. | |||||
| CVE-2024-2012 | 1 Hitachienergy | 2 Foxman-un, Unem | 2024-11-21 | N/A | 9.1 CRITICAL |
| vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that if exploited an attacker could use to allow unintended commands or code to be executed on the UNEM server allowing sensitive data to be read or modified or could cause other unintended behavior | |||||
| CVE-2024-2011 | 1 Hitachienergy | 2 Foxman-un, Unem | 2024-11-21 | N/A | 8.6 HIGH |
| A heap-based buffer overflow vulnerability exists in the FOXMAN-UN/UNEM that if exploited will generally lead to a denial of service but can be used to execute arbitrary code, which is usually outside the scope of a program's implicit security policy | |||||
| CVE-2024-28024 | 1 Hitachienergy | 2 Foxman-un, Unem | 2024-11-21 | N/A | 4.1 MEDIUM |
| A vulnerability exists in the FOXMAN-UN/UNEM in which sensitive information is stored in cleartext within a resource that might be accessible to another control sphere. | |||||
| CVE-2024-28021 | 1 Hitachienergy | 3 Foxman-un, Foxman Un, Unem | 2024-11-21 | N/A | 7.4 HIGH |
| A vulnerability exists in the FOXMAN-UN/UNEM server that affects the message queueing mechanism’s certificate validation. If exploited an attacker could spoof a trusted entity causing a loss of confidentiality and integrity. | |||||
| CVE-2024-28020 | 1 Hitachienergy | 2 Foxman-un, Unem | 2024-11-21 | N/A | 8.0 HIGH |
| A user/password reuse vulnerability exists in the FOXMAN-UN/UNEM application and server management. If exploited a malicious high-privileged user could use the passwords and login information through complex routines to extend access on the server and other services. | |||||
| CVE-2023-6711 | 1 Hitachienergy | 2 Rtu500, Rtu500 Firmware | 2024-11-21 | N/A | 5.9 MEDIUM |
| Vulnerability exists in SCI IEC 60870-5-104 and HCI IEC 60870-5-104 that affects the RTU500 series product versions listed below. Specially crafted messages sent to the mentioned components are not validated properly and can result in buffer overflow and as final consequence to a reboot of an RTU500 CMU. | |||||
| CVE-2023-5769 | 1 Hitachienergy | 8 Rtu520, Rtu520 Firmware, Rtu530 and 5 more | 2024-11-21 | N/A | 5.4 MEDIUM |
| A vulnerability exists in the webserver that affects the RTU500 series product versions listed below. A malicious actor could perform cross-site scripting on the webserver due to user input being improperly sanitized. | |||||