Microscada x sys600

This hub aggregates every CVE we track for Microscada x sys600, a product in the ics ot iot space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Microscada x sys600.

• CVE-2025-39205A vulnerability exists in the IEC 61850 in MicroSCADA X SYS600 product. The certificate validation of the TLS protocol allows remote Man-in-the-Middle attack due to missing proper validation.6.5Jun 24, 2025
• CVE-2025-39204A vulnerability exists in the Web interface of the MicroSCADA X SYS600 product. The filtering query in the Web interface can be malformed, so returning data can leak unauthorized information to the...6.5Jun 24, 2025
• CVE-2025-39203A vulnerability exists in the IEC 61850 of the MicroSCADA X SYS600 product. An IEC 61850-8 crafted message content from IED or remote system can cause a denial of service resulting in disconnection...6.5Jun 24, 2025
• CVE-2025-39202A vulnerability exists in in the Monitor Pro interface of the MicroSCADA X SYS600 product. An authenticated user with low privileges can see and overwrite files causing information leak and data co...7.3Jun 24, 2025
• CVE-2025-39201A vulnerability exists in MicroSCADA X SYS600 product. If exploited this could allow a local unauthenticated attacker to tamper a system file, making denial of Notify service.6.1Jun 24, 2025
• CVE-2024-7941An HTTP parameter may contain a URL value and could cause the web application to redirect the request to the specified URL. By modifying the URL value to a malicious site, an attacker may successfu...4.3Aug 27, 2024
• CVE-2024-7940The product exposes a service that is intended for local only to all network interfaces without any authentication.8.3Aug 27, 2024
• CVE-2024-3982An attacker with local access to machine where MicroSCADA X SYS600 is installed, could enable the session logging supporting the product and try to exploit a session hijacking of an already establi...8.2Aug 27, 2024
• CVE-2024-3980The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names that are used in filesystem operations. If exploited the vulnerability allows the ...9.9Aug 27, 2024
• CVE-2024-4872A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. If exploited this could allow an authenticated attacker to inject code towards persistent data. Note that to s...9.9Aug 27, 2024
• CVE-2022-3353IEC 61850 MMS-Server Vulnerability in multiple Hitachi Energy Products5.9Feb 21, 2023
• CVE-2022-3388Input Validation Vulnerability in Hitachi Energy’s MicroSCADA Pro/X SYS600 Products8.8Nov 21, 2022
• CVE-2022-29492A vulnerability exists in the handling of a malformed IEC 104 TCP packet. Upon receiving a malformed IEC 104 TCP packet, the malformed packet is dropped, however the TCP connection is left open. This may cause a denial-of-service if the affected conne ...5.3Sep 14, 2022
• CVE-2022-1778A vulnerability exists during the start of the affected SYS600, where an input validation flaw causes a buffer-overflow while reading a specific configuration file. Subsequently SYS600 will fail to start. The configuration file can only be accessed by ...7.5Sep 14, 2022
• CVE-2022-29922A vulnerability exists in the handling of a specially crafted IEC 61850 packet with a valid data item but with incorrect data type in the IEC 61850 OPC Server. The vulnerability may cause a denial-of-service on the IEC 61850 OPC Server part of the SYS ...7.5Sep 14, 2022