CVE-2026-2460 is a medium-severity authorization issue in Hitachi Energy Relion REB500. According to the CISA-republished Hitachi Energy advisory, a low-privileged authenticated user may use the DAC protocol to access and alter directory content without being authorized to do so. The vendor remediation is to update to version 8.3.3.1.
CVE-2026-2459 is an authorization weakness in Hitachi Energy Relion REB500. The CISA-republished advisory states that an authenticated user with the Installer role can access and alter directory contents outside the role’s authorized scope. The supplied CVSS v3.1 vector is AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N, indicating concern primarily for confidentiality and integrity rather than availability. Hitachi [truncated]
CVE-2026-1773 is a high-severity denial-of-service vulnerability affecting Hitachi Energy RTU500 series CMU Firmware when IEC 60870-5-104 bi-directional functionality is configured. According to the CISA advisory, reception of an invalid U-format frame can trigger a DoS condition. The issue was publicly disclosed on 2026-02-24 and the advisory was republished on 2026-03-03 after CISA incorporated the vend [truncated]
CVE-2026-1772 is a confidentiality issue in the RTU500 web interface. The advisory states that an unprivileged user can read user management information using browser development utilities, even though the data is not exposed through the normal RTU500 web UI. CISA’s advisory assigns CVSS 3.1 4.3/Medium and points to firmware updates as the primary fix.
CVE-2025-7740 is a high-severity default credentials weakness in Hitachi Energy SuprOS. According to the advisory summary, an authenticated local attacker could use this issue to gain access through an admin account created during product deployment. The vendor and CISA guidance focus on removing unwanted accounts, changing default passwords, and applying the recommended update.
CVE-2024-3596 is a critical RADIUS forgery issue affecting Hitachi Energy XMC20. The advisory says a valid RADIUS response under RFC 2865 can be transformed into another response type by a chosen-prefix collision attack against the MD5 Response Authenticator signature. Hitachi Energy and CISA recommend enabling the RADIUS Message-Authenticator option on both the XMC20 and the RADIUS server, and updating t [truncated]