{
    "dataType": "CVE_RECORD",
    "dataVersion": "5.1",
    "cveMetadata": {
        "cveId": "CVE-2024-3980",
        "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "state": "PUBLISHED",
        "assignerShortName": "Hitachi Energy",
        "dateReserved": "2024-04-19T12:45:24.793Z",
        "datePublished": "2024-08-27T12:42:41.124Z",
        "dateUpdated": "2024-08-30T15:38:34.341Z"
    },
    "containers": {
        "cna": {
            "affected": [
                {
                    "defaultStatus": "unaffected",
                    "product": "MicroSCADA SYS600",
                    "vendor": "Hitachi Energy",
                    "versions": [
                        {
                            "lessThanOrEqual": "10.5",
                            "status": "affected",
                            "version": "10.0",
                            "versionType": "custom"
                        }
                    ]
                }
            ],
            "descriptions": [
                {
                    "lang": "en",
                    "supportingMedia": [
                        {
                            "base64": false,
                            "type": "text/html",
                            "value": "The product allows user input to control or influence paths or file\nnames that are used in filesystem operations, allowing the attacker to access or modify system files or other files that are\ncritical to the application."
                        }
                    ],
                    "value": "The product allows user input to control or influence paths or file\nnames that are used in filesystem operations, allowing the attacker to access or modify system files or other files that are\ncritical to the application."
                }
            ],
            "impacts": [
                {
                    "capecId": "CAPEC-38",
                    "descriptions": [
                        {
                            "lang": "en",
                            "value": "CAPEC-38 Leveraging/Manipulating Configuration File Search Paths"
                        }
                    ]
                }
            ],
            "metrics": [
                {
                    "cvssV3_1": {
                        "attackComplexity": "LOW",
                        "attackVector": "NETWORK",
                        "availabilityImpact": "HIGH",
                        "baseScore": 9.9,
                        "baseSeverity": "CRITICAL",
                        "confidentialityImpact": "HIGH",
                        "integrityImpact": "HIGH",
                        "privilegesRequired": "LOW",
                        "scope": "CHANGED",
                        "userInteraction": "NONE",
                        "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                        "version": "3.1"
                    },
                    "format": "CVSS",
                    "scenarios": [
                        {
                            "lang": "en",
                            "value": "GENERAL"
                        }
                    ]
                }
            ],
            "problemTypes": [
                {
                    "descriptions": [
                        {
                            "cweId": "CWE-22",
                            "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
                            "lang": "en",
                            "type": "CWE"
                        }
                    ]
                }
            ],
            "providerMetadata": {
                "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
                "shortName": "Hitachi Energy",
                "dateUpdated": "2024-08-30T15:38:34.341Z"
            },
            "references": [
                {
                    "url": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000160&LanguageCode=en&DocumentPartId=&Action=Launch"
                }
            ],
            "source": {
                "discovery": "UNKNOWN"
            },
            "x_generator": {
                "engine": "Vulnogram 0.2.0"
            }
        },
        "adp": [
            {
                "affected": [
                    {
                        "vendor": "hitachienergy",
                        "product": "microscada_sys600",
                        "cpes": [
                            "cpe:2.3:a:hitachienergy:microscada_sys600:10.0:*:*:*:*:*:*:*"
                        ],
                        "defaultStatus": "unknown",
                        "versions": [
                            {
                                "version": "10.0",
                                "status": "affected",
                                "lessThanOrEqual": "10.5",
                                "versionType": "custom"
                            }
                        ]
                    }
                ],
                "metrics": [
                    {
                        "other": {
                            "type": "ssvc",
                            "content": {
                                "timestamp": "2024-08-28T14:10:05.924302Z",
                                "id": "CVE-2024-3980",
                                "options": [
                                    {
                                        "Exploitation": "none"
                                    },
                                    {
                                        "Automatable": "no"
                                    },
                                    {
                                        "Technical Impact": "total"
                                    }
                                ],
                                "role": "CISA Coordinator",
                                "version": "2.0.3"
                            }
                        }
                    }
                ],
                "title": "CISA ADP Vulnrichment",
                "providerMetadata": {
                    "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                    "shortName": "CISA-ADP",
                    "dateUpdated": "2024-08-28T14:15:23.862Z"
                }
            }
        ]
    }
}