hitachienergy

Top products

The 15 most recently published vulnerabilities affecting hitachienergy.

• CVE-2026-2460A vulnerability exists in REB500 for an authenticated user with low-level privileges to access and alter the content of directories by using the DAC protocol that the user is not authorized to do so.8.1Feb 24, 2026
• CVE-2026-2459A vulnerability exists in REB500 for an authenticated user with Installer role to access and alter the contents of directories that the role is not authorized to do so.8.1Feb 24, 2026
• CVE-2026-1773IEC 60870-5-104 used in RTU500: Potential Denial of Service impact on reception of invalid U-format frame. Product is only affected if IEC 60870-5-104 bi-directional functionality is configured. E...7.5Feb 24, 2026
• CVE-2026-1772RTU500 web interface: An unprivileged user can read user management information. The information cannot be accessed via the RTU500 web user interface but requires further tools like browser develop...5.3Feb 24, 2026
• CVE-2025-39205A vulnerability exists in the IEC 61850 in MicroSCADA X SYS600 product. The certificate validation of the TLS protocol allows remote Man-in-the-Middle attack due to missing proper validation.6.5Jun 24, 2025
• CVE-2025-39204A vulnerability exists in the Web interface of the MicroSCADA X SYS600 product. The filtering query in the Web interface can be malformed, so returning data can leak unauthorized information to the...6.5Jun 24, 2025
• CVE-2025-39203A vulnerability exists in the IEC 61850 of the MicroSCADA X SYS600 product. An IEC 61850-8 crafted message content from IED or remote system can cause a denial of service resulting in disconnection...6.5Jun 24, 2025
• CVE-2025-39202A vulnerability exists in in the Monitor Pro interface of the MicroSCADA X SYS600 product. An authenticated user with low privileges can see and overwrite files causing information leak and data co...7.3Jun 24, 2025
• CVE-2025-39201A vulnerability exists in MicroSCADA X SYS600 product. If exploited this could allow a local unauthenticated attacker to tamper a system file, making denial of Notify service.6.1Jun 24, 2025
• CVE-2024-41156Profile files from TRO600 series radios are extracted in plain-text and encrypted file formats. Profile files provide potential attackers valuable configuration information about the Tropos network...2.7Oct 29, 2024
• CVE-2024-41153Command injection vulnerability in the Edge Computing UI for the TRO600 series radios that allows for the execution of arbitrary system commands. If exploited, an attacker with write access to the ...7.2Oct 29, 2024
• CVE-2024-7941An HTTP parameter may contain a URL value and could cause the web application to redirect the request to the specified URL. By modifying the URL value to a malicious site, an attacker may successfu...4.3Aug 27, 2024
• CVE-2024-7940The product exposes a service that is intended for local only to all network interfaces without any authentication.8.3Aug 27, 2024
• CVE-2024-3982An attacker with local access to machine where MicroSCADA X SYS600 is installed, could enable the session logging supporting the product and try to exploit a session hijacking of an already establi...8.2Aug 27, 2024
• CVE-2024-3980The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names that are used in filesystem operations. If exploited the vulnerability allows the ...9.9Aug 27, 2024