PT-2024-8680 · Unknown · Microscada X Sys600

Published: 2024-08-27 · Updated: 2024-10-30 · CVE-2024-3982

CVSS v3.1: 8.2 (High)

Vector: AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: MicroSCADA X SYS600 (affected versions not specified)

Description: The issue is an authentication bypass in the MicroSCADA X SYS600 system. An attacker with local access to the machine where MicroSCADA X SYS600 is installed could enable session logging and attempt to hijack an already established session. By default, session logging is not enabled, and only users with administrator rights can enable it.

Recommendations: As a temporary workaround, consider disabling the session logging feature until a patch is available. Restrict access to the MicroSCADA X SYS600 system to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

BDU:2024-10282
CVE-2024-3982

Affected Products

Microscada X Sys600