These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2026-8479 describes a NULL pointer dereference vulnerability in IEC 60870-5-104 bidirectional mode (BCI) within Hitachi Energy's RTU500 product. The vulnerability can be triggered by a specially crafted sequence of messages sent over a sustained period, resulting in Denial of Service (DoS) impact. The attack requires network adjacency (AV:A) and low attack complexity, with the primary impact being ava [truncated]
A heap-based buffer overflow vulnerability exists in the XML parser functionality of HiDraw software. The vulnerability, assigned CVSS 4.0 score 4.4 (Medium), requires an authenticated attacker with local access to exploit using a specially crafted XML file. Successful exploitation may lead to memory corruption, potential arbitrary code execution, application crashes resulting in denial of service, and co [truncated]
CVE-2026-32776 is a medium-severity vulnerability in Hitachi Energy's RTU500 series CMU Firmware. The vulnerability is caused by a NULL pointer dereference in libexpat before 2.7.5, which can lead to a Denial of Service (DoS) impact. The product is only affected if IEC 61850 functionality is configured. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 5.5, indicating a medium [truncated]
CVE-2026-2460 is a medium-severity authorization issue in Hitachi Energy Relion REB500. According to the CISA-republished Hitachi Energy advisory, a low-privileged authenticated user may use the DAC protocol to access and alter directory content without being authorized to do so. The vendor remediation is to update to version 8.3.3.1.
CVE-2026-2459 is an authorization weakness in Hitachi Energy Relion REB500. The CISA-republished advisory states that an authenticated user with the Installer role can access and alter directory contents outside the role’s authorized scope. The supplied CVSS v3.1 vector is AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N, indicating concern primarily for confidentiality and integrity rather than availability. Hitachi [truncated]
CVE-2026-1773 is a high-severity denial-of-service vulnerability affecting Hitachi Energy RTU500 series CMU Firmware when IEC 60870-5-104 bi-directional functionality is configured. According to the CISA advisory, reception of an invalid U-format frame can trigger a DoS condition. The issue was publicly disclosed on 2026-02-24 and the advisory was republished on 2026-03-03 after CISA incorporated the vend [truncated]
CVE-2026-1772 is a confidentiality issue in the RTU500 web interface. The advisory states that an unprivileged user can read user management information using browser development utilities, even though the data is not exposed through the normal RTU500 web UI. CISA’s advisory assigns CVSS 3.1 4.3/Medium and points to firmware updates as the primary fix.
CVE-2025-7740 is a High-severity default credentials weakness in Hitachi Energy SuprOS. According to the advisory summary, an authenticated local attacker could use this issue to gain access through an admin account created during product deployment. The vendor and CISA guidance focus on removing unwanted accounts, changing default passwords, and applying the recommended update.
CVE-2024-3596 is a critical RADIUS forgery issue affecting Hitachi Energy XMC20. The advisory says a valid RADIUS response under RFC 2865 can be transformed into another response type by a chosen-prefix collision attack against the MD5 Response Authenticator signature. Hitachi Energy and CISA recommend enabling the RADIUS Message-Authenticator option on both the XMC20 and the RADIUS server, and updating t [truncated]
CVE-2024-28757 is a medium-severity availability issue in Hitachi Energy RTU500 series components that use libexpat for IEC 61850 client and server processing. According to the CISA CSAF advisory published on 2025-09-16, an authenticated and authorized malicious user could load crafted XML input that may cause memory mismanagement and potentially reboot the RTU500. Hitachi Energy’s remediation guidance ca [truncated]
CVE-2025-23184 is a network-reachable denial-of-service issue associated with Apache CXF versions before 3.5.10, 3.6.5, and 4.0.6. In edge cases, CachedOutputStream instances may not be closed and can fill temporary filesystems, affecting both servers and clients. In the supplied advisory corpus, Hitachi Energy maps this issue to Asset Suite and recommends upgrading to version 9.7 and applying vendor miti [truncated]
CVE-2022-44729 is a high-severity SSRF issue disclosed in CISA’s advisory for Hitachi Energy Asset Suite. The advisory says Apache XML Graphics Batik 1.16 can, by default, load external resources from a malicious SVG, which may lead to resource consumption and in some cases information disclosure. The supplied remediation is to upgrade Asset Suite to version 9.7 and apply the advisory’s general mitigation factors.
CVE-2025-39202 is a high-severity vulnerability in Hitachi Energy MicroSCADA Pro/X SYS600 affecting the Monitor Pro and Supervision log components. According to CISA’s advisory, a local authenticated low-privilege user can see and overwrite files, which can lead to information leakage and data corruption. Hitachi Energy identifies version 10.7 as the fixed release for affected systems.
CVE-2025-2403 is a high-severity availability issue in Hitachi Energy Relion 670/650 and SAM600-IO series devices. CISA describes it as an improper prioritization of network traffic over a protection mechanism that could let a denial-of-service condition interfere with critical functions such as the Line Distance Communication Module (LDCM). The advisory was published on 2025-06-24 and later updated on 20 [truncated]
CVE-2025-1718 is an availability-impacting vulnerability in Hitachi Energy Relion 670/650 and SAM600-IO series devices. According to the advisory, an authenticated user with file access privilege via FTP can cause the device to reboot because of improper disk space management. The issue was publicly disclosed in CISA’s CSAF advisory on 2025-06-24 and later republished with updates through 2026-02-05. The [truncated]
CVE-2025-2500 is a HIGH-severity vulnerability in Hitachi Energy Asset Suite SOAP web services. The public advisory says successful exploitation could lead to unauthorized access to the product and expand the time window for a possible password attack. The advisory scope in the supplied corpus is limited to Asset Suite version 9.6.4.4 and Asset Suite version 9.7, with mitigation guidance focused on genera [truncated]
CVE-2025-1484 is a medium-severity vulnerability in the media upload component of Hitachi Energy Asset Suite. CISA’s advisory states that successful exploitation could affect confidentiality or integrity, and that an attacker can construct a request that causes attacker-supplied JavaScript to execute in a user’s browser within that user’s session. The affected product listed in the advisory is Asset Suite [truncated]
CISA published advisory ICSA-25-196-01 on 2025-04-29 for CVE-2019-9429. The supplied source data describes a memory corruption issue in the profman component that can trigger an out-of-bounds write and potentially lead to unauthorized local escalation of privileges. The affected product is identified in the source metadata as Asset Suite AnyWhere for Inventory (AWI) Android mobile app versions 11.5 (awi_1 [truncated]
CVE-2019-9290 is a high-severity issue affecting Hitachi Energy’s Asset Suite-related Android mobile app deployment described in the advisory as Asset Suite AnyWhere for Inventory (AWI) Android mobile app versions 11.5 and earlier. The problem is a tzdata component mismatch between allocation and deallocation functions that can corrupt memory and may allow a local attacker to escalate privileges. CISA pub [truncated]
CVE-2019-9262 is a high-severity vulnerability affecting Hitachi Energy Asset Suite AnyWhere for Inventory (AWI) Android mobile app versions 11.5 (awi_11.5_armv7) and earlier, as described in the 2025 CISA advisory. The issue is in the MPEG4Extractor component of the media extractor and could allow an attacker to trigger an out-of-bounds write, which may lead to remote code execution. The supplied advisor [truncated]
Hitachi Energy TRMTracker is affected by a reflected cross-site scripting (XSS) vulnerability. According to the CISA CSAF advisory, the issue can allow client-side code injection, which may affect the confidentiality and integrity of the application. The advisory identifies affected TRMTracker branches as 6.2.04 and below, and 6.3.0 and 6.3.01, with vendor updates available.
CVE-2025-27632 is a medium-severity Host Header Injection vulnerability in Hitachi Energy TRMTracker. According to CISA’s advisory, an attacker who can influence the Host header in an HTTP request may be able to leverage multiple attack vectors, including defacing site content through web-cache poisoning. Hitachi Energy and CISA both published guidance on 2025-03-25, and affected versions include TRMTrack [truncated]
CVE-2025-27631 is a medium-severity vulnerability in Hitachi Energy TRMTracker. CISA’s advisory describes an LDAP injection flaw in the TRMTracker web application that could let an attacker manipulate a query and potentially read or update website data, with the advisory also stating remote command execution may be possible. The issue affects TRMTracker versions 6.2.04 and below as well as 6.3.0 and 6.3.0 [truncated]
CVE-2025-1445 is a high-severity availability issue in Hitachi Energy RTU500 CMU Firmware when IEC 61850 is configured to use TLS and an open connection renegotiates during active communication. The advisory ties impact to specific timing conditions and to the CMU hosting the IEC 61850 stack. Hitachi Energy and CISA recommend upgrading to the fixed firmware and applying the advisory’s general mitigation f [truncated]
CVE-2024-12169 is an availability-focused vulnerability in Hitachi Energy RTU500 CMU firmware. When IEC 62351-3 secure communication (TLS) is enabled, a specific attack sequence against IEC 60870-5-104 controlled station or IEC 61850 functionality can restart the affected CMU.
CVE-2024-11499 is a medium-severity availability issue in Hitachi Energy RTU500 Series CMU Firmware. According to the CISA CSAF advisory, an authenticated and authorized attacker can trigger a CMU restart when certificates are updated while they are in use on active connections. The CMU is described as automatically recovering after a successful exploit, but the restart can still interrupt service. The ad [truncated]
CVE-2024-10037 is an authenticated denial-of-service issue in Hitachi Energy RTU500 CMU Firmware. A specially crafted message sequence over a WebSocket connection can disrupt the RTU500 CMU application when RTU500 test mode is enabled. The impact is availability-only and the affected CMU is reported to auto-recover, but the flaw still warrants remediation in OT environments.
CVE-2023-28388 is a medium-severity issue published by CISA on 2025-02-25 for Hitachi Energy MACH PS700. The advisory text describes an uncontrolled search path element in some Intel(R) Chipset Device Software that may allow an authenticated local user to potentially escalate privileges. For defenders, the practical concern is exposure in affected MACH PS700 v2 System deployments where local access is alr [truncated]
CVE-2022-31813 is a critical advisory for Hitachi Energy Service Suite, published by CISA on 2025-02-25, affecting versions 9.8.1.3 and below. The supplied advisory characterizes the issue as Apache HTTP Server 2.4 vulnerabilities and recommends updating to Service Suite 9.8.1.4. The CVSS v3.1 vector indicates remote exploitation with no privileges or user interaction required and potential high impact to [truncated]
CVE-2022-30556 is a Hitachi Energy Service Suite advisory tied to Apache HTTP Server 2.4 vulnerabilities. The supplied CSAF data says versions 9.8.1.3 and below are affected, with a vendor fix available in Service Suite 9.8.1.4. The published CVSS 3.1 vector indicates a network-exploitable issue with no privileges or user interaction required and high confidentiality impact.
CVE-2022-30522 is a high-severity issue in Hitachi Energy Service Suite tied to Apache HTTP Server 2.4 vulnerabilities. The supplied CISA CSAF advisory lists versions 9.8.1.3 and below as affected and recommends upgrading to 9.8.1.4. Because the CVSS vector is network-reachable with no privileges or user interaction required and the impact is availability-only, operators should treat this as a priority pa [truncated]
CVE-2022-29404 is a Hitachi Energy Service Suite issue tied to Apache HTTP Server 2.4 vulnerabilities. According to the CISA CSAF advisory, affected versions are 9.8.1.3 and below, and the vendor remediation is to update to 9.8.1.4. The supplied CVSS vector shows a remotely reachable, no-authentication, no-user-interaction condition with high availability impact, so this is primarily a service-disruption [truncated]
CVE-2022-28614 is a medium-severity issue affecting Hitachi Energy Service Suite. CISA’s advisory ties the affected product to Apache HTTP Server 2.4 vulnerabilities and identifies versions 9.8.1.3 and below as impacted. Hitachi Energy lists version 9.8.1.4 as the remedation. The CVSS vector indicates a network-reachable issue with no privileges or user interaction required and low confidentiality impact.
CISA’s advisory for Hitachi Energy Service Suite identifies Apache HTTP Server 2.4 vulnerabilities affecting versions 9.8.1.3 and below. The vendor remediation is to update to version 9.8.1.4. The supplied CVSS vector indicates a network-reachable issue with low complexity and no privileges or user interaction, but the source corpus does not describe the exact Apache flaw subtype or exploit behavior.
CVE-2022-26377 is a HIGH-severity issue in Hitachi Energy Service Suite tied to Apache HTTP Server 2.4 vulnerabilities. CISA’s advisory, published on 2025-02-25, states that versions 9.8.1.3 and below are affected and that the vendor fix is version 9.8.1.4. The published CVSS vector indicates a network-exploitable issue that requires no privileges or user interaction and can impact integrity.
A buffer overflow vulnerability in Hitachi Energy RTU500 series CMU firmware affects SCI IEC 60870-5-104 and HCI IEC 60870-5-104 protocol implementations. Specially crafted network messages are not properly validated, which can trigger a buffer overflow and cause the RTU500 CMU to reboot. This results in a denial-of-service condition with availability impact. The vulnerability was published on December 19 [truncated]
Hitachi Energy TRO600 series radios export configuration profiles in both plain-text and encrypted formats. Authenticated users with write access can extract these profile files, which contain sensitive network configuration details that could aid reconnaissance against Tropos networks. The vulnerability is rated LOW severity (CVSS 2.7) due to the high privilege requirement and limited confidentiality imp [truncated]
A command injection vulnerability in the Edge Computing UI of Hitachi Energy TRO600 series radios allows authenticated attackers with write access to the web interface to execute arbitrary system commands with root privileges. The vulnerability affects firmware versions 9.1.0.0 through 9.2.0.0 where the Edge Computing functionality is enabled. An attacker exploiting this flaw can escalate beyond their int [truncated]
CVE-2024-7941 is a medium-severity open redirect vulnerability in Hitachi Energy MicroSCADA Pro/X SYS600, published 2024-08-27 and last modified 2025-03-25. An HTTP parameter containing a URL value can cause the web application to redirect requests to attacker-specified URLs, enabling phishing attacks and credential theft. The vulnerability affects MicroSCADA X SYS600 version 10.5. Hitachi Energy released [truncated]
CVE-2024-7940 is a High-severity Hitachi Energy MACH GWS issue disclosed by CISA on 2025-02-25. The advisory says a service intended for local-only access was exposed to all network interfaces without authentication. Hitachi Energy identifies MACH GWS versions 3.1.0.0 through 3.3.0.0 as affected and recommends upgrading to 3.4.0.0 or coordinating mitigation options with the local account team.
CVE-2024-3982 affects Hitachi Energy MACH GWS versions 3.0.0.0 through 3.3.0.0. CISA’s advisory says a local attacker with access to the host could enable the product’s session logging and try to hijack an already established session. The advisory also notes that session logging is disabled by default and only administrators can enable it. Hitachi Energy recommends upgrading to version 3.4.0.0 or contacti [truncated]
CVE-2024-3980 is a critical vulnerability in Hitachi Energy MACH GWS where authenticated user input can control or influence file paths or file names used in filesystem operations. If abused, that could allow access to or modification of system files or other application-critical files. CISA published the advisory on 2025-02-25 and identified affected MACH GWS versions 2.1.0.0 and 2.2.0.0 through 3.3.0.0.
CISA’s advisory for Hitachi Energy Service Suite identifies Apache HTTP Server 2.4 vulnerabilities in versions 9.8.1.3 and below. The vendor remediation is to update to version 9.8.1.4. The supplied CVSS vector points to a network-reachable issue with no privileges or user interaction required and a high availability impact. No Known Exploited Vulnerabilities (KEV) entry is included in the supplied data.
CVE-2023-43622 affects Hitachi Energy Service Suite versions 9.8.1.3 and below. The CISA CSAF advisory characterizes the issue as Apache HTTP Server 2.4 vulnerabilities and assigns a CVSS v3.1 score of 7.5 (High). The supplied remediation is to update to Service Suite version 9.8.1.4.
CVE-2024-28024 is a low-severity confidentiality issue in Hitachi Energy UNEM. According to CISA's CSAF advisory, sensitive information is stored in cleartext within a resource that might be accessible to another control sphere. The advisory lists UNEM R15A, R15B, R16A, R16B, and versions older than R15A as affected. CISA's CVSS 3.1 vector indicates local access, high privileges, and high attack complexit [truncated]
CVE-2024-28023 affects Hitachi Energy UNEM and centers on the product’s message queueing mechanism. According to the advisory corpus, successful abuse could expose resources or functionality to unintended actors and may lead to sensitive information disclosure or, in the worst case, arbitrary code execution. The issue was publicly documented on 2024-06-11 and is scored Medium (CVSS 5.7).
CVE-2024-28022 affects Hitachi Energy UNEM server / APIGateway and allows a malicious user to make an arbitrary number of authentication attempts with different passwords until the targeted account is accessed. The advisory rates the issue CVSS 6.5 (Medium) and lists affected UNEM releases including R15A, R15B, R16A, R16B, and versions older than R15A.
CVE-2024-28021 affects Hitachi Energy UNEM and is described as a flaw in the UNEM server/APIGateway that could allow unintended commands or code execution on the UNEM server. CISA rates the issue CVSS 8.0 HIGH, and Hitachi Energy lists multiple affected UNEM releases with version-specific remediation guidance.
CVE-2024-28020 is a high-severity credential reuse issue in Hitachi Energy UNEM. According to the CISA CSAF advisory and vendor reference, passwords and login information used in UNEM application and server management could be reused to extend access to the server and other services.
CVE-2024-2462 is a medium-severity issue in Hitachi Energy’s ECST client ecosystem affecting ECST, UNEM, and XMC20 versions listed in the advisory. The vendor states that, if exploited, the flaw could allow an attacker to intercept or falsify data exchanges between the client and the server. Hitachi Energy provides version-specific updates for supported releases and advises applying general mitigation fac [truncated]