PatchSiren

CVE-2026-1772 Hitachi Energy CVE debrief

CVE-2026-1772 is a confidentiality issue in the RTU500 web interface. The advisory states that an unprivileged user can read user management information using browser development utilities, even though the data is not exposed through the normal RTU500 web UI. CISA’s advisory assigns CVSS 3.1 4.3/Medium and points to firmware updates as the primary fix.

Vendor: Hitachi Energy
Product: RTU500 series CMU Firmware
CVSS: MEDIUM 4.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-02-24
Original CVE updated: 2026-03-03
Advisory published: 2026-02-24
Advisory updated: 2026-03-03

Who should care

Organizations running Hitachi Energy RTU500 series CMU Firmware, especially OT/ICS operators, administrators, and security teams responsible for web-accessible management interfaces.

Technical summary

The source advisory describes an information disclosure in the RTU500 web interface: a low-privilege user can access user management information that should not be available to them through normal UI flows. The issue is network-reachable and requires low privileges, with no integrity or availability impact listed in the provided CVSS vector (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). Affected firmware ranges in the advisory are 12.7.1-12.7.7, 13.5.1-13.5.4, 13.6.1-13.6.2, 13.7.1-13.7.7, and 13.8.1.

Defensive priority

Medium

Recommended defensive actions

  • Upgrade to the vendor-fixed firmware version that matches your branch: 12.7.8, 13.7.8 or later, or 13.8.2.
  • Follow the vendor's general mitigation factors/workarounds from the advisory until patching is complete.
  • Review which users have access to the RTU500 web interface and confirm that low-privilege accounts are not used for administrative functions.
  • Apply CISA ICS recommended practices and defense-in-depth guidance for OT environments, including limiting management exposure and enforcing least privilege.
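
To turn the affected ranges and fixed versions above into a patching worklist, the following added example (not vendor or CISA code) triages a firmware inventory against them. The hostnames and versions in the inventory are constructed sample data, and the three-part N.N.N version format is an assumption about how your asset records store CMU firmware versions.

```python
import re

# Affected CMU firmware ranges (inclusive), as listed in the technical summary.
AFFECTED = [
    ((12, 7, 1), (12, 7, 7)),
    ((13, 5, 1), (13, 5, 4)),
    ((13, 6, 1), (13, 6, 2)),
    ((13, 7, 1), (13, 7, 7)),
    ((13, 8, 1), (13, 8, 1)),
]
# Fixed versions named on this page, keyed by major.minor branch.
FIXED = {(12, 7): "12.7.8", (13, 7): "13.7.8 or later", (13, 8): "13.8.2"}

def parse_version(text):
    """Return (major, minor, patch), or None if the string is not N.N.N."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)\s*", text)
    return tuple(int(p) for p in m.groups()) if m else None

def triage(version_text):
    """Classify one firmware string as (status, recommended action)."""
    v = parse_version(version_text)
    if v is None:
        return ("unknown", "version string not parseable; verify on the device")
    for low, high in AFFECTED:
        if low <= v <= high:
            fix = FIXED.get(v[:2])
            if fix:
                return ("affected", f"upgrade to {fix}")
            # 13.5.x and 13.6.x: this page names no fix in the same branch.
            return ("affected", "no same-branch fix listed here; consult ICSA-26-062-03")
    return ("not in listed ranges", "outside the ranges listed for CVE-2026-1772")

# Constructed inventory: made-up hostnames and versions for illustration.
INVENTORY = {
    "rtu-sub-01": "12.7.5",
    "rtu-sub-02": "13.6.2",
    "rtu-sub-03": "13.7.8",
    "rtu-sub-04": "13.8.1",
    "rtu-sub-05": "13.7",   # incomplete record, must not be silently cleared
}

def report(inventory):
    """Map each host to its (status, action) pair."""
    return {host: triage(ver) for host, ver in inventory.items()}

if __name__ == "__main__":
    for host, (status, action) in report(INVENTORY).items():
        print(f"{host:12} {INVENTORY[host]:8} {status:22} {action}")
```

Devices that come back as "unknown" should be checked by hand rather than treated as unaffected.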

Evidence notes

The source corpus identifies advisory ICSA-26-062-03 / CVE-2026-1772 for the Hitachi Energy RTU500 Product and states that an unprivileged user can read user management information by using browser development utilities. The source also lists the affected CMU firmware ranges and the remediations: 12.7.8, 13.7.8 or latest, and 13.8.2 depending on branch. The provided CVSS vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N.

Official resources

Publicly disclosed on 2026-02-24 in CISA advisory ICSA-26-062-03, with a CISA republication of the Hitachi Energy PSIRT advisory on 2026-03-03.