CVE-2025-39205 — Vulnetix

CVE-2025-39205 PUBLISHED CVSS 6.5 MEDIUM

A vulnerability exists in the IEC 61850 in MicroSCADA X SYS600 product. The certificate validation of the TLS protocol allows remote Man-in-the-Middle attack due to missing proper validation.

EPSS 0.10% · 26.4th percentile

Risk Scores

CVSS v3.1

6.5

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS Score

0.10%

26.4th percentile

Affected Products

Vendor	Product	Versions
hitachienergy	microscada_x_sys600	10.3
Hitachi Energy	MicroSCADA X SYS600	10.3

Timeline

Jun 24, 2025 Coalition ESS Score
Jun 24, 2025 CVE Published
Jun 25, 2025 EPSS Score
Jun 26, 2025 Coalition ESS Score
Jul 3, 2025 PoC Published
Jul 5, 2025 EPSS Score
Jul 15, 2025 EPSS Score
Jul 25, 2025 EPSS Score
Aug 4, 2025 EPSS Score
Aug 14, 2025 EPSS Score
Aug 22, 2025 Coalition ESS Score
Aug 24, 2025 EPSS Score

References

https://publisher.hitachienergy.com/preview?DocumentID=8DBD000218&LanguageCode=en&DocumentPartId=&Action=Launch url
https://nvd.nist.gov/vuln/detail/CVE-2025-39205 advisory

Open in Interactive Console →