PatchSiren

Hitachi CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH Hitachi CVE published 2026-06-29

CVE-2025-2902

CVE-2025-2902 is an Improper Authorization Vulnerability in the Maintenance Utility of Hitachi Virtual Storage Platform. The vulnerability affects multiple models of Hitachi Virtual Storage Platform, including E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, 5600H, G130, G150, G350, G370, G700, G900, F350, F370, F700, and F900. The vulnerability has [truncated]

LOW Hitachi CVE published 2026-06-29

CVE-2025-0824

CVE-2025-0824 is a low-severity vulnerability (CVSS Score: 3.7) affecting Hitachi Virtual Storage Platform One Block 23, 24, 26, and 28. The issue arises from a lack of validation for firmware updates. Affected versions include those before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00. This vulnerability was disclosed on June 29, 2026. Users should verify their system versions and consider updating to the late [truncated]

MEDIUM Hitachi CVE published 2026-05-26

CVE-2026-3314

A missing password field masking vulnerability in Hitachi Ops Center Analyzer and Hitachi Infrastructure Analytics Advisor products allows physical attackers to observe credentials entered into unmasked password fields. The CVSS 3.1 vector (AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) indicates this requires physical access to the device, with low attack complexity and no privileges required, resulting in high co [truncated]