hitachi energy

Top products

The 15 most recently published vulnerabilities affecting hitachi energy.

• CVE-2026-8479IEC 60870-5-104 used in bidirectional mode in RTU500 is vulnerable for a NULL pointer dereferencing, if a specially crafted sequence of messages is sent for a certain time, causing Denial of Servic...6.5May 26, 2026
• CVE-2026-7310A heap-based buffer overflow vulnerability exists in XML parser functionality in the HiDraw. An authenticated malicious user with local access can exploit this vulnerability using a specially craft...5.5May 26, 2026
• CVE-2026-2460A vulnerability exists in REB500 for an authenticated user with low-level privileges to access and alter the content of directories by using the DAC protocol that the user is not authorized to do so.8.1Feb 24, 2026
• CVE-2026-2459A vulnerability exists in REB500 for an authenticated user with Installer role to access and alter the contents of directories that the role is not authorized to do so.8.1Feb 24, 2026
• CVE-2026-1773IEC 60870-5-104 used in RTU500: Potential Denial of Service impact on reception of invalid U-format frame. Product is only affected if IEC 60870-5-104 bi-directional functionality is configured. E...7.5Feb 24, 2026
• CVE-2026-1772RTU500 web interface: An unprivileged user can read user management information. The information cannot be accessed via the RTU500 web user interface but requires further tools like browser develop...5.3Feb 24, 2026
• CVE-2025-7740Use of default credentials vulnerability in Hitachi Energy SuprOS product8.8Jan 28, 2026
• CVE-2025-1038The “Diagnostics Tools” page of the web-based configuration utility does not properly validate user-controlled input, allowing an authenticated user with high privileges to inject commands into...8.8Oct 28, 2025
• CVE-2025-1037By making minor configuration changes to the TropOS 4th Gen device, an authenticated user with the ability to run user level shell commands can enable access via secure shell (SSH) to an unrestrict...8.8Oct 28, 2025
• CVE-2025-1036Command injection vulnerability exists in the “Logging” page of the web-based configuration utility. An authenticated user with low privileged network access for the configuration utility can e...8.8Oct 28, 2025
• CVE-2025-10217A vulnerability exists in Asset Suite for an authenticated user to manipulate the content of performance related log data or to inject crafted data in logfile for potentially carrying out further m...6.5Sep 30, 2025
• CVE-2025-39205A vulnerability exists in the IEC 61850 in MicroSCADA X SYS600 product. The certificate validation of the TLS protocol allows remote Man-in-the-Middle attack due to missing proper validation.6.5Jun 24, 2025
• CVE-2025-39204A vulnerability exists in the Web interface of the MicroSCADA X SYS600 product. The filtering query in the Web interface can be malformed, so returning data can leak unauthorized information to the...6.5Jun 24, 2025
• CVE-2025-39203A vulnerability exists in the IEC 61850 of the MicroSCADA X SYS600 product. An IEC 61850-8 crafted message content from IED or remote system can cause a denial of service resulting in disconnection...6.5Jun 24, 2025
• CVE-2025-39202A vulnerability exists in in the Monitor Pro interface of the MicroSCADA X SYS600 product. An authenticated user with low privileges can see and overwrite files causing information leak and data co...7.3Jun 24, 2025