June 4, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
ICS: Multiple Siemens Polarion Vulnerabilities
May 20, 2025
Multiple Intel Products Vulnerabilities
May 20, 2025
ICS: Multiple Siemens Polarion Vulnerabilities
May 20, 2025
Multiple Intel Products Vulnerabilities
May 20, 2025
Severity
Medium
Analysis Summary
CVE-2025-3624 CVSS:4.3
Hitachi Ops Center Analyzer could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions by the XXXXXX.php script. Missing Authorization vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component).
CVE-2024-8201 CVSS:5.4
Hitachi Ops Center Analyzer is vulnerable to cross-site scripting, caused by improper validation of user-supplied input.
CVE-2025-1531 CVSS:6.5
Hitachi Ops Center Analyzer viewpoint could allow a remote attacker to obtain sensitive information, caused by authentication credentials leakage vulnerability.
CVE-2025-1245 CVSS:6.5
Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer could allow a remote authenticated attacker to bypass security restrictions, caused by a bypass connection restriction Vulnerability.
Impact
- Security Bypass
- Cross-Site Scripting
- Information Disclosure
Indicators of Compromise
CVE
CVE-2025-3624
CVE-2024-8201
CVE-2025-1531
CVE-2025-1245
Affected Vendors
Hitachi
Affected Products
- Hitachi Ops Center Analyzer 10.0.0-00
- Hitachi Ops Center Analyzer 11.0.4-00
- Hitachi Ops Center Analyzer - 10.8.0-00
- Hitachi Ops Center Analyzer - 10.9.0-00
- Hitachi Infrastructure Analytics Advisor
Remediation
Refer to Hitachi Security Advisory for patch, upgrade, or suggested workaround information.
