CVE-2026-1772

Summary

RTU500 web interface: An unprivileged user can read user management information. The information cannot be accessed via the RTU500 web user interface but requires further tools like browser development utilities to access them without required privileges.

Affected Software

VendorProductVersion RangeStatus
Hitachi EnergyRTU500 series CMU firmware12.7.1 <= 12.7.7affected
Hitachi EnergyRTU500 series CMU firmware13.5.1 <= 13.5.4affected
Hitachi EnergyRTU500 series CMU firmware13.6.1 <= 13.6.2affected
Hitachi EnergyRTU500 series CMU firmware13.7.1 <= 13.7.7affected
Hitachi EnergyRTU500 series CMU firmware13.8.1affected

Weaknesses

  • CWE-280: CWE-280 Improper Handling of Insufficient Permissions or Privileges

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References