CVE-2024-3982

HIGH Year: 2024
CVSS v3 Score
8.2
High
Weakness Type
CWE-294
View all →

Vulnerability Description

An attacker with local access to machine where MicroSCADA X SYS600 is installed, could enable the session logging supporting the product and try to exploit a session hijacking of an already established session. By default, the session logging level is not enabled and only users with administrator rights can enable it.

Related Vulnerabilities

CVE-2017-5251

HIGH
CVSS:8.1(High)

In version 1012 and prior of Insteon's Insteon Hub, the radio transmissions used for communication between the hub and connected devices are not encrypted.

CWE-2942017

CVE-2018-17935

HIGH
CVSS:8.1(High)

All versions of Telecrane F25 Series Radio Controls before 00.0A use fixed codes that are reproducible by sniffing and re-transmission. This can lead to unauthorized replay of a command, spoofing of a...

CWE-2942018

CVE-2019-12887

HIGH
CVSS:8.1(High)

KeyIdentity LinOTP before 2.10.5.3 has Incorrect Access Control (issue 1 of 2).

CWE-2942019

CVE-2019-13533

HIGH
CVSS:8.1(High)

In Omron PLC CJ series, all versions, and Omron PLC CS series, all versions, an attacker could monitor traffic between the PLC and the controller and replay requests that could result in the opening a...

CWE-2942019

CVE-2020-27157

HIGH
CVSS:8.1(High)

Veritas APTARE versions prior to 10.5 included code that bypassed the normal login process when specific authentication credentials were provided to the server. An unauthenticated user could login to ...

CWE-2942020