CVE-2025-39204 — Vulnetix

CVE-2025-39204 PUBLISHED CVSS 8.5 HIGH

A vulnerability exists in the Web interface of the MicroSCADA X SYS600 product. The filtering query in the Web interface can be malformed, so returning data can leak unauthorized information to the user.

EPSS 0.26% · 49.4th percentile

Risk Scores

CVSS v4.0

8.5

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H

EPSS Score

0.26%

49.4th percentile

Affected Products

Vendor	Product	Versions
Hitachi Energy	MicroSCADA X SYS600	10.0
hitachienergy	microscada_x_sys600	10.0

Timeline

Jun 24, 2025 Coalition ESS Score
Jun 24, 2025 Coalition ESS Score
Jun 24, 2025 CVE Published
Jun 25, 2025 EPSS Score
Jun 25, 2025 CVE Updated
Jun 26, 2025 Coalition ESS Score
Jul 3, 2025 PoC Published
Jul 5, 2025 EPSS Score
Jul 15, 2025 EPSS Score
Jul 25, 2025 EPSS Score
Aug 4, 2025 EPSS Score
Aug 14, 2025 EPSS Score

References

https://publisher.hitachienergy.com/preview?DocumentID=8DBD000218&LanguageCode=en&DocumentPartId=&Action=Launch url
https://nvd.nist.gov/vuln/detail/CVE-2025-39204 advisory

Open in Interactive Console →