CVE-2025-39204
Analyzed
Analyzed - Analysis Complete
BaseFortify
Publication date: 2025-06-24
Last updated on: 2026-01-26
Assigner: Hitachi Energy
Description
Description
A vulnerability exists in the Web interface of the MicroSCADA X SYS600 product. The filtering query in the Web interface can be malformed, so returning data can leak unauthorized information to the user.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hitachienergy | microscada_x_sys600 | From 10.0 (inc) to 10.7 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
| CWE-NVD-CWE-noinfo |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Web interface of the MicroSCADA X SYS600 product. It involves a malformed filtering query that can cause the system to return data improperly, potentially leaking unauthorized information to the user.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized information disclosure through the Web interface, which may compromise sensitive data and affect the confidentiality of the system.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70