CVE-2026-1772

Summary
Assigner: Hitachi Energy
Assigner Org ID: e383dce4-0c27-4495-91c4-0db157728d17
Published At: 24 Feb, 2026 | 13:03
Updated At: 28 Feb, 2026 | 02:19

RTU500 web interface: An unprivileged user can read user management information. The information cannot be accessed through the RTU500 web user interface itself; reading it without the required privileges requires additional tools such as browser development utilities.

Common Vulnerabilities and Exposures (CVE)
cve.org
CVE Numbering Authority (CNA)

Affected Products
Vendor: Hitachi Energy Ltd., Hitachi Energy
Product: RTU500 series CMU firmware
Default Status: unaffected
Affected Versions:
  • From 12.7.1 through 12.7.7 (custom)
  • From 13.5.1 through 13.5.4 (custom)
  • From 13.6.1 through 13.6.2 (custom)
  • From 13.7.1 through 13.7.7 (custom)
  • 13.8.1 (custom)
Problem Types
Type: CWE
CWE ID: CWE-280
Description: CWE-280 Improper Handling of Insufficient Permissions or Privileges
Metrics
Version: 4.0
Base score: 5.3
Base severity: MEDIUM
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Impacts
CAPEC ID: CAPEC-503
Description: CAPEC-503 WebView Exposure
References
Hyperlink: https://publisher.hitachienergy.com/preview?DocumentID=8DBD000237&LanguageCode=en&DocumentPartId=&Action=Launch
Resource: N/A
Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Information is not available yet
National Vulnerability Database (NVD)
nvd.nist.gov
Source: cybersecurity@hitachienergy.com
Published At: 24 Feb, 2026 | 14:16
Updated At: 27 Feb, 2026 | 18:56

CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Secondary
Version: 4.0
Base score: 5.3
Base severity: MEDIUM
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CPE Matches
Vendor: Hitachi Energy Ltd. (hitachienergy)
  • rtu520_firmware, versions from 12.7.1 (inclusive) to 12.7.7 (inclusive): cpe:2.3:o:hitachienergy:rtu520_firmware:*:*:*:*:*:*:*:*
  • rtu520_firmware, versions from 13.5.1 (inclusive) to 13.5.4 (inclusive): cpe:2.3:o:hitachienergy:rtu520_firmware:*:*:*:*:*:*:*:*
  • rtu520_firmware, versions from 13.6.1 (inclusive) to 13.6.2 (inclusive): cpe:2.3:o:hitachienergy:rtu520_firmware:*:*:*:*:*:*:*:*
  • rtu520_firmware, versions from 13.7.1 (inclusive) to 13.7.8 (exclusive): cpe:2.3:o:hitachienergy:rtu520_firmware:*:*:*:*:*:*:*:*
  • rtu520_firmware, 13.8.1: cpe:2.3:o:hitachienergy:rtu520_firmware:13.8.1:*:*:*:*:*:*:*
  • rtu520, -: cpe:2.3:h:hitachienergy:rtu520:-:*:*:*:*:*:*:*
  • rtu530_firmware, versions from 12.7.1 (inclusive) to 12.7.7 (inclusive): cpe:2.3:o:hitachienergy:rtu530_firmware:*:*:*:*:*:*:*:*
  • rtu530_firmware, versions from 13.5.1 (inclusive) to 13.5.4 (inclusive): cpe:2.3:o:hitachienergy:rtu530_firmware:*:*:*:*:*:*:*:*
  • rtu530_firmware, versions from 13.6.1 (inclusive) to 13.6.2 (inclusive): cpe:2.3:o:hitachienergy:rtu530_firmware:*:*:*:*:*:*:*:*
  • rtu530_firmware, versions from 13.7.1 (inclusive) to 13.7.8 (exclusive): cpe:2.3:o:hitachienergy:rtu530_firmware:*:*:*:*:*:*:*:*
  • rtu530_firmware, 13.8.1: cpe:2.3:o:hitachienergy:rtu530_firmware:13.8.1:*:*:*:*:*:*:*
  • rtu530, -: cpe:2.3:h:hitachienergy:rtu530:-:*:*:*:*:*:*:*
  • rtu540_firmware, versions from 12.7.1 (inclusive) to 12.7.7 (inclusive): cpe:2.3:o:hitachienergy:rtu540_firmware:*:*:*:*:*:*:*:*
  • rtu540_firmware, versions from 13.5.1 (inclusive) to 13.5.4 (inclusive): cpe:2.3:o:hitachienergy:rtu540_firmware:*:*:*:*:*:*:*:*
  • rtu540_firmware, versions from 13.6.1 (inclusive) to 13.6.2 (inclusive): cpe:2.3:o:hitachienergy:rtu540_firmware:*:*:*:*:*:*:*:*
  • rtu540_firmware, versions from 13.7.1 (inclusive) to 13.7.8 (exclusive): cpe:2.3:o:hitachienergy:rtu540_firmware:*:*:*:*:*:*:*:*
  • rtu540_firmware, 13.8.1: cpe:2.3:o:hitachienergy:rtu540_firmware:13.8.1:*:*:*:*:*:*:*
  • rtu540, -: cpe:2.3:h:hitachienergy:rtu540:-:*:*:*:*:*:*:*
  • rtu560_firmware, versions from 12.7.1 (inclusive) to 12.7.7 (inclusive): cpe:2.3:o:hitachienergy:rtu560_firmware:*:*:*:*:*:*:*:*
  • rtu560_firmware, versions from 13.5.1 (inclusive) to 13.5.4 (inclusive): cpe:2.3:o:hitachienergy:rtu560_firmware:*:*:*:*:*:*:*:*
  • rtu560_firmware, versions from 13.6.1 (inclusive) to 13.6.2 (inclusive): cpe:2.3:o:hitachienergy:rtu560_firmware:*:*:*:*:*:*:*:*
  • rtu560_firmware, versions from 13.7.1 (inclusive) to 13.7.8 (exclusive): cpe:2.3:o:hitachienergy:rtu560_firmware:*:*:*:*:*:*:*:*
  • rtu560_firmware, 13.8.1: cpe:2.3:o:hitachienergy:rtu560_firmware:13.8.1:*:*:*:*:*:*:*
  • rtu560, -: cpe:2.3:h:hitachienergy:rtu560:-:*:*:*:*:*:*:*
Weaknesses
CWE ID: CWE-280
Type: Primary
Source: cybersecurity@hitachienergy.com
References
Hyperlink: https://publisher.hitachienergy.com/preview?DocumentID=8DBD000237&LanguageCode=en&DocumentPartId=&Action=Launch
Source: cybersecurity@hitachienergy.com
Resource: Vendor Advisory

Similar CVEs

9 records found

CVE-2023-5516
Matching Score: 8
Assigner: Hitachi Energy
CVSS Score: 5.3 (MEDIUM)
EPSS: 0.26% / 49.47%
7 Day CHG: ~0.00%
Published: 01 Nov, 2023 | 02:54
Updated: 27 Feb, 2025 | 20:36
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Poorly constructed webapp requests and URI components with special characters trigger unhandled errors and exceptions, disclosing information about the underlying technology and other sensitive details. The website unintentionally reveals sensitive information, including technical details such as version info, endpoints, backend server, internal IP, etc., which can potentially expose additional attack surface containing other interesting vulnerabilities.

Action: Not Available
Vendor: Hitachi Energy Ltd.
Product: esoms, eSOMS
CWE ID: CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor)

CVE-2023-5514
Matching Score: 8
Assigner: Hitachi Energy
CVSS Score: 5.3 (MEDIUM)
EPSS: 0.29% / 51.84%
7 Day CHG: ~0.00%
Published: 01 Nov, 2023 | 02:40
Updated: 27 Feb, 2025 | 20:36
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

The response messages received from the eSOMS report generation using certain parameter queries with full file path can be abused for enumerating the local file system structure.

Action: Not Available
Vendor: Hitachi Energy Ltd.
Product: esoms, eSOMS
CWE ID: CWE-209 (Generation of Error Message Containing Sensitive Information)

CVE-2023-5515
Matching Score: 8
Assigner: Hitachi Energy
CVSS Score: 5.3 (MEDIUM)
EPSS: 0.26% / 49.47%
7 Day CHG: ~0.00%
Published: 01 Nov, 2023 | 02:49
Updated: 27 Feb, 2025 | 20:36
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

The responses for web queries with certain parameters disclose internal path of resources. This information can be used to learn internal structure of the application and to further plot attacks against web servers and deployed web applications.

Action: Not Available
Vendor: Hitachi Energy Ltd.
Product: esoms, eSOMS
CWE ID: CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor)

CVE-2019-19003
Matching Score: 8
Assigner: Asea Brown Boveri Ltd. (ABB)
CVSS Score: 5.3 (MEDIUM)
EPSS: 0.37% / 58.45%
7 Day CHG: ~0.00%
Published: 02 Apr, 2020 | 19:46
Updated: 05 Aug, 2024 | 02:02
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
ABB eSOMS: HTTPOnly flag not set

For ABB eSOMS versions 4.0 to 6.0.2, the HTTPOnly flag is not set. This can allow Javascript to access the cookie contents, which in turn might enable Cross Site Scripting.

Action: Not Available
Vendor: Hitachi Energy Ltd., ABB
Product: esoms, eSOMS
CWE ID: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))
CWE ID: CWE-16 (Not Available)

CVE-2024-9928
Matching Score: 8
Assigner: Hitachi Energy
CVSS Score: 5.3 (MEDIUM)
EPSS: 0.09% / 25.51%
7 Day CHG: ~0.00%
Published: 26 Nov, 2024 | 13:26
Updated: 26 Nov, 2024 | 16:11
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

A vulnerability exists in NSD570 login panel that does not restrict excessive authentication attempts. If exploited, this could cause account takeover and unauthorized access to the system when an attacker conducts brute-force attacks against the equipment login. Note that the system supports only one concurrent session and implements a delay of more than a second between failed login attempts making it difficult to automate the attacks.

Action: Not Available
Vendor: Hitachi Energy Ltd.
Product: NSD570 Teleprotection Equipment, nsd570_firmware
CWE ID: CWE-307 (Improper Restriction of Excessive Authentication Attempts)

CVE-2021-37175
Matching Score: 4
Assigner: Siemens
CVSS Score: 5.3 (MEDIUM)
EPSS: 0.24% / 46.07%
7 Day CHG: ~0.00%
Published: 14 Sep, 2021 | 10:47
Updated: 04 Aug, 2024 | 01:16
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). The affected devices do not properly handle permissions to traverse the file system. If exploited, an attacker could gain access to an overview of the complete file system on the affected devices.

Action: Not Available
Vendor: Siemens AG
Product: ruggedcom_rox_rx1511, ruggedcom_rox_rx1512, ruggedcom_rox_mx5000_firmware, ruggedcom_rox_rx5000_firmware, ruggedcom_rox_rx1511_firmware, ruggedcom_rox_rx1510, ruggedcom_rox_rx1400_firmware, ruggedcom_rox_rx1500_firmware, ruggedcom_rox_rx1400, ruggedcom_rox_rx1510_firmware, ruggedcom_rox_rx1500, ruggedcom_rox_rx1524_firmware, ruggedcom_rox_rx5000, ruggedcom_rox_rx1501, ruggedcom_rox_rx1536, ruggedcom_rox_mx5000, ruggedcom_rox_rx1524, ruggedcom_rox_rx1536_firmware, ruggedcom_rox_rx1501_firmware, ruggedcom_rox_rx1512_firmware, RUGGEDCOM ROX RX1511, RUGGEDCOM ROX RX1536, RUGGEDCOM ROX RX1400, RUGGEDCOM ROX RX1500, RUGGEDCOM ROX RX1501, RUGGEDCOM ROX RX5000, RUGGEDCOM ROX MX5000, RUGGEDCOM ROX RX1524, RUGGEDCOM ROX RX1510, RUGGEDCOM ROX RX1512
CWE ID: CWE-280 (Improper Handling of Insufficient Permissions or Privileges)
CWE ID: CWE-755 (Improper Handling of Exceptional Conditions)

CVE-2024-22077
Matching Score: 4
Assigner: MITRE Corporation
CVSS Score: 5.3 (MEDIUM)
EPSS: 0.19% / 41.41%
7 Day CHG: ~0.00%
Published: 20 Mar, 2024 | 00:00
Updated: 16 Apr, 2025 | 18:20
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. The SQLite database file has weak permissions.

Action: Not Available
Vendor: elspec-ltd, n/a, elspec
Product: g5dfr, g5dfr_firmware, n/a, g5_digital_fault_recorder
CWE ID: CWE-280 (Improper Handling of Insufficient Permissions or Privileges)

CVE-2025-24029
Matching Score: 4
Assigner: GitHub, Inc.
CVSS Score: 5.3 (MEDIUM)
EPSS: 0.16% / 36.55%
7 Day CHG: ~0.00%
Published: 03 Feb, 2025 | 21:26
Updated: 22 Aug, 2025 | 15:59
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
Artifact permissions are not verified in the Cross Tracker Search widget in Tuleap

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Users (possibly anonymous ones if the widget is used in the dashboard of a public project) might get access to artifacts they should not see. This issue has been addressed in Tuleap Community Edition 16.3.99.1737562605 as well as Tuleap Enterprise Edition 16.3-5 and Tuleap Enterprise Edition 16.2-7. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Action: Not Available
Vendor: Enalean SAS
Product: tuleap, tuleap
CWE ID: CWE-280 (Improper Handling of Insufficient Permissions or Privileges)

CVE-2022-30716
Matching Score: 4
Assigner: Samsung Mobile
CVSS Score: 4 (MEDIUM)
EPSS: 0.05% / 16.67%
7 Day CHG: ~0.00%
Published: 07 Jun, 2022 | 17:55
Updated: 03 Aug, 2024 | 06:56
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Unprotected broadcast in sendIntentForToastDumpLog in DisplayToast prior to SMR Jun-2022 Release 1 allows untrusted applications to access toast message information from device.

Action: Not Available
Vendor: Google LLC, Samsung Electronics
Product: android, Samsung Mobile Devices
CWE ID: CWE-280 (Improper Handling of Insufficient Permissions or Privileges)
CWE ID: CWE-755 (Improper Handling of Exceptional Conditions)