Hitachi Product Update Advisory
Overview
An update has been released to address vulnerabilities in Hitachi products. Users of the affected versions are advised to update to the latest version.
Affected Products
CVE-2024-4872, CVE-2024-3980, CVE-2024-3982
- MicroSCADA X SYS600 versions: up to and including 10.5
CVE-2024-7940
- MicroSCADA X SYS600 versions: 10.2 through 10.5 (both inclusive)
Resolved Vulnerabilities
- Queries to persistent data are not validated, creating a risk of injection attacks (CVE-2024-4872)
- User input can control or change the path or file name used in file system operations, which could allow an attacker to access or modify application-critical system files or other files (CVE-2024-3980)
- An attacker could enable the session logging supported by the product and attempt to hijack an already established session (CVE-2024-3982)
- Locally available services are exposed on all network interfaces without authentication (CVE-2024-7940)
Vulnerability Patches
The following product-specific vulnerability patches are available in the latest update. If you are using an affected version, follow the instructions on the referenced site to update to the latest patched version.
CVE-2024-4872, CVE-2024-3980, CVE-2024-3982, CVE-2024-7940
- MicroSCADA X SYS600 version: 10.6
References
[1] Multiple vulnerabilities in Hitachi Energy MicroSCADA X SYS600 product