{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-3980","assignerOrgId":"e383dce4-0c27-4495-91c4-0db157728d17","state":"PUBLISHED","assignerShortName":"Hitachi Energy","dateReserved":"2024-04-19T12:45:24.793Z","datePublished":"2024-08-27T12:42:41.124Z","dateUpdated":"2025-08-27T21:24:22.839Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"MicroSCADA X SYS600","vendor":"Hitachi Energy","versions":[{"lessThanOrEqual":"10.5","status":"affected","version":"10.0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"MicroSCADA Pro SYS600","vendor":"Hitachi Energy","versions":[{"lessThanOrEqual":"9.4 FP2 HF5","status":"affected","version":"9.4 FP2 HF1","versionType":"custom"},{"status":"affected","version":"9.4 FP1","versionType":"custom"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names\nthat are used in filesystem operations. If exploited the vulnerability allows the attacker to access or modify system files or\nother files that are critical to the application."}],"value":"The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names\nthat are used in filesystem operations. If exploited the vulnerability allows the attacker to access or modify system files or\nother files that are critical to the application."}],"impacts":[{"capecId":"CAPEC-38","descriptions":[{"lang":"en","value":"CAPEC-38 Leveraging/Manipulating Configuration File Search Paths"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.9,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"MicroSCADA X SYS600"}]},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"MicroSCADA Pro SYS600"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-22","description":"CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"e383dce4-0c27-4495-91c4-0db157728d17","shortName":"Hitachi Energy","dateUpdated":"2024-10-29T13:35:30.374Z"},"references":[{"url":"https://publisher.hitachienergy.com/preview?DocumentID=8DBD000160&LanguageCode=en&DocumentPartId=&Action=Launch"}],"source":{"discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"affected":[{"vendor":"hitachienergy","product":"microscada_sys600","cpes":["cpe:2.3:a:hitachienergy:microscada_sys600:10.0:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"10.0","status":"affected","lessThanOrEqual":"10.5","versionType":"custom"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-08-28T14:10:05.924302Z","id":"CVE-2024-3980","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-08-27T21:24:22.839Z"}}]}}