#VU67891 Improper Privilege Management in MicroSCADA X SYS600 and MicroSCADA Pro SYS600 - CVE-2022-29490

Cybersecurity Help s.r.o.

Published: 2022-10-04

Vulnerability identifier: #VU67891

Vulnerability risk: Medium

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/U:Green]

CVE-ID: CVE-2022-29490

CWE-ID: CWE-269

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
MicroSCADA X SYS600
Server applications / SCADA systems
MicroSCADA Pro SYS600
Server applications / SCADA systems

Vendor: Hitachi Energy

Description

The vulnerability allows a remote attacker to escalate privileges.

The vulnerability exists due to improper privilege management in the Workplace X WebUI. A remote user can execute any MicroSCADA internal scripts irrespective of the authenticated user's role.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

MicroSCADA X SYS600: 10.3.1

MicroSCADA Pro SYS600: 10.3.1

External links
https://search.abb.com/library/Download.aspx?DocumentID=8DBD000106&LanguageCode=en&DocumentPartId=&Action=Launch
https://www.cisa.gov/uscert/ics/advisories/icsa-22-272-01

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Hitachi Energy MicroSCADA Pro/X SYS600