CVE-2025-39204 HIGH

CVE-2025-39204

Vendor Hitachi Energy
Product MicroSCADA X SYS600
Weakness CWE-200 · Info exposure
Published June 24, 2025
Last update June 25, 2025

CVSS base score

8.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H

What the vulnerability does

01Description

A vulnerability exists in the Web interface of the MicroSCADA X SYS600 product. The filtering query in the Web interface can be malformed, so returning data can leak unauthorized information to the user.

Key dates

02Disclosure timeline

June 24, 2025 CVE published
June 25, 2025 Record updated