CVE-2024-7941
First published: Tue Aug 27 2024(Updated: )
An HTTP parameter may contain a URL value and could cause the web application to redirect the request to the specified URL. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.
Credit: cybersecurity@hitachienergy.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hitachi Energy Microscada X Sys600 | =10.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-7941?
CVE-2024-7941 has been rated as a high-severity vulnerability due to its potential for leading to phishing attacks.
How do I fix CVE-2024-7941?
To mitigate CVE-2024-7941, it is essential to validate and sanitize URL parameters to prevent untrusted redirects.
What kind of attacks can CVE-2024-7941 facilitate?
CVE-2024-7941 can facilitate phishing attacks that trick users into providing sensitive credentials.
Which software versions are affected by CVE-2024-7941?
CVE-2024-7941 specifically affects Hitachi Energy's Microscada X Sys600 version 10.5.
Is there a workaround for CVE-2024-7941?
A potential workaround for CVE-2024-7941 is to disable any features that allow external URL redirects until a patch is available.
- agent/weakness
- agent/references
- agent/description
- agent/type
- agent/first-publish-date
- agent/author
- agent/severity
- collector/mitre-cve
- source/MITRE
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/last-modified-date
- agent/softwarecombine
- agent/event
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/hitachienergy
- canonical/hitachi energy microscada x sys600
- version/hitachi energy microscada x sys600/10.5