CVE-2022-29490

A vulnerability exists in the Workplace X WebUI in which an authenticated user is able to execute any MicroSCADA internal scripts irrespective of the authenticated user's role.

Description

Improper Authorization vulnerability exists in the Workplace X WebUI of the Hitachi Energy MicroSCADA X SYS600 allows an authenticated user to execute any MicroSCADA internal scripts irrespective of the authenticated user's role. This issue affects: Hitachi Energy MicroSCADA X SYS600 version 10 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*

Remediation

Solution:

Remediated in SYS600 10.4 Update to at least SYS600 version 10.4.

Workaround:

Apply general mitigation factors as specify in the advisory.

References

Link	Tags
https://search.abb.com/library/Download.aspx?DocumentID=8DBD000106&LanguageCode=en&DocumentPartId=&Action=Launch	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2022-29490?: CVE-2022-29490 has been scored as a high severity vulnerability.
How to fix CVE-2022-29490?: To fix CVE-2022-29490: Remediated in SYS600 10.4 Update to at least SYS600 version 10.4.
Is CVE-2022-29490 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2022-29490 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-29490?: CVE-2022-29490 affects Hitachi Energy MicroSCADA X SYS600.

Description

Remediation

Category

CWE-285 – Improper Authorization

References

Frequently Asked Questions