CVE-2024-3980: Path Traversal
First published: Tue Aug 27 2024(Updated: )
The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names that are used in filesystem operations. If exploited the vulnerability allows the attacker to access or modify system files or other files that are critical to the application.
Credit: cybersecurity@hitachienergy.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hitachi Energy Microscada Pro Sys600 | =9.4-fixpack_1 | |
| Hitachi Energy Microscada Pro Sys600 | =9.4-fixpack_2_hf1 | |
| Hitachi Energy Microscada Pro Sys600 | =9.4-fixpack_2_hf2 | |
| Hitachi Energy Microscada Pro Sys600 | =9.4-fixpack_2_hf3 | |
| Hitachi Energy Microscada Pro Sys600 | =9.4-fixpack_2_hf4 | |
| Hitachi Energy Microscada Pro Sys600 | =9.4-fixpack_2_hf5 | |
| Hitachi Energy Microscada X Sys600 | >=10.0<10.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-3980?
CVE-2024-3980 has a high severity rating due to its potential to allow authenticated attackers access to critical system files.
How do I fix CVE-2024-3980?
To remediate CVE-2024-3980, users should apply the latest security fixes provided by Hitachi Energy for the MicroSCADA Pro SYS600 product.
Who is affected by CVE-2024-3980?
CVE-2024-3980 affects authenticated users of the MicroSCADA Pro SYS600 product, specifically versions 9.4 fixpack 1, 2, and 10.0 to 10.6.
What kind of attacks can exploit CVE-2024-3980?
Exploitation of CVE-2024-3980 can lead to unauthorized access or modification of sensitive system files by authenticated users.
What are the implications of CVE-2024-3980?
The implications of CVE-2024-3980 include potential disruption of critical operations and compromise of sensitive system integrity.
- agent/references
- agent/type
- agent/first-publish-date
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/description
- agent/last-modified-date
- agent/weakness
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/hitachienergy
- canonical/hitachi energy microscada pro sys600
- version/hitachi energy microscada pro sys600/9.4-fixpack_1
- version/hitachi energy microscada pro sys600/9.4-fixpack_2_hf1
- version/hitachi energy microscada pro sys600/9.4-fixpack_2_hf2
- version/hitachi energy microscada pro sys600/9.4-fixpack_2_hf3
- version/hitachi energy microscada pro sys600/9.4-fixpack_2_hf4
- version/hitachi energy microscada pro sys600/9.4-fixpack_2_hf5
- canonical/hitachi energy microscada x sys600
- version/hitachi energy microscada x sys600/10.0