CVE-2024-4872

CRITICAL
Published Aug 27, 2024 Modified Oct 30, 2024 CWE-943

Description

A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. If exploited this could allow an authenticated attacker to inject code towards persistent data. Note that to successfully exploit this vulnerability an attacker must have a valid credential.

CVSS v3.1 Score

9.9
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Weakness Type (CWE)

CWE-943 CWE-943

Affected Products

Vendor Product
hitachienergy microscada_pro_sys600
hitachienergy microscada_pro_sys600
hitachienergy microscada_pro_sys600
hitachienergy microscada_pro_sys600
hitachienergy microscada_pro_sys600
hitachienergy microscada_x_sys600

References

Frequently Asked Questions

What is CVE-2024-4872? +
A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. If exploited this could allow an authenticated attacker to inject code towards persistent data. Note that to successfully exploit this vulnerability an attacker must have a valid credential. It has a CVSS v3.1 base score of 9.9 (CRITICAL).
How severe is CVE-2024-4872? +
CVE-2024-4872 has a CVSS v3.1 score of 9.9 out of 10, rated CRITICAL. This is a critical vulnerability that should be patched immediately.
What products are affected by CVE-2024-4872? +
CVE-2024-4872 affects products from hitachienergy, specifically: microscada_pro_sys600, microscada_x_sys600. Check the affected products table above for specific version ranges.
How do I check if I'm vulnerable to CVE-2024-4872? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2026-42156

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, a remote …
CVE-2026-41274 9.8

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the …
CVE-2026-40351 9.8

FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password-based login endpoint uses TypeScript type assertion …
CVE-2026-41328 9.1

Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, a vulnerability has been found in Dgraph that gives …
CVE-2026-41327 9.1

Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, a vulnerability has been found in Dgraph that gives …
CVE-2026-40352 8.8

FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password change endpoint is vulnerable to NoSQL …

Don't wait for an exploit

Scan your website for vulnerabilities like CVE-2024-4872 — free, no signup required.

Start Free Scan