[{"vendor":"hitachienergy","product":"microscada_sys600","defaultStatus":"unknown","cpes":["cpe:2.3:a:hitachienergy:microscada_sys600:10.0:*:*:*:*:*:*:*"],"versions":[{"version":"10.0","lessThanOrEqual":"10.5","versionType":"custom","status":"affected"}]}]

{"timestamp":"2024-08-28T14:10:05.924302Z","id":"CVE-2024-3980","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}

[{"vendor":"Hitachi Energy","product":"MicroSCADA X SYS600","defaultStatus":"unaffected","versions":[{"version":"10.0","lessThanOrEqual":"10.5","versionType":"custom","status":"affected"}]},{"vendor":"Hitachi Energy","product":"MicroSCADA Pro SYS600","defaultStatus":"unaffected","versions":[{"version":"9.4 FP2 HF1","lessThanOrEqual":"9.4 FP2 HF5","versionType":"custom","status":"affected"},{"version":"9.4 FP1","versionType":"custom","status":"affected"}]}]

NIST CWE-22

NIST CWE-88

OR
     *cpe:2.3:a:hitachienergy:microscada_x_sys600:*:*:*:*:*:*:*:* versions up to (excluding) 10.6

OR
     *cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:fixpack_1:*:*:*:*:*:*
     *cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:fixpack_2_hf1:*:*:*:*:*:*
     *cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:fixpack_2_hf2:*:*:*:*:*:*
     *cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:fixpack_2_hf3:*:*:*:*:*:*
     *cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:fixpack_2_hf4:*:*:*:*:*:*
     *cpe:2.3:a:hitachienergy:microscada_pro_sys600:9.4:fixpack_2_hf5:*:*:*:*:*:*
     *cpe:2.3:a:hitachienergy:microscada_x_sys600:*:*:*:*:*:*:*:* versions from (including) 10.0 up to (excluding) 10.6

The product allows user input to control or influence paths or file
names that are used in filesystem operations, allowing the attacker to access or modify system files or other files that are
critical to the application.

The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names
that are used in filesystem operations. If exploited the vulnerability allows the attacker to access or modify system files or
other files that are critical to the application.

Hitachi Energy CWE-22

Hitachi Energy CWE-88

NIST AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

NIST CWE-88

OR
     *cpe:2.3:a:hitachienergy:microscada_x_sys600:*:*:*:*:*:*:*:* versions up to (excluding) 10.6

https://publisher.hitachienergy.com/preview?DocumentID=8DBD000160&LanguageCode=en&DocumentPartId=&Action=Launch No Types Assigned

https://publisher.hitachienergy.com/preview?DocumentID=8DBD000160&LanguageCode=en&DocumentPartId=&Action=Launch Vendor Advisory

The product allows user input to control or influence paths or file
names that are used in filesystem operations, allowing the attacker to access or modify system files or other files that are
critical to the application.

Hitachi ABB Power Grids AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Hitachi ABB Power Grids CWE-88

Hitachi ABB Power Grids https://publisher.hitachienergy.com/preview?DocumentID=8DBD000160&LanguageCode=en&DocumentPartId=&Action=Launch [No types assigned]