Hitachienergy

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-2460 1Hitachienergy 1Reb500 Firmware Feb 26, 2026 Feb 24, 2026 7.6 HIGH· v4 8.1 HIGH· v3 N/A· v2 A vulnerability exists in REB500 for an authenticated user with low-level privileges to access and alter the content of directories by using the DAC protocol that the user is not authorized to do so.
CVE-2026-2459 1Hitachienergy 1Reb500 Firmware Apr 6, 2026 Feb 24, 2026 7.4 HIGH· v4 8.1 HIGH· v3 N/A· v2 A vulnerability exists in REB500 for an authenticated user with Installer role to access and alter the contents of directories that the role is not authorized to do so.
CVE-2026-1773 1Hitachienergy 4Rtu520 Firmware Rtu530 FirmwareRtu540 Firmware+1 more May 26, 2026 Feb 24, 2026 8.7 HIGH· v4 7.5 HIGH· v3 N/A· v2 IEC 60870-5-104 used in RTU500: Potential Denial of Service impact on reception of invalid U-format frame. Product is only affected if IEC 60870-5-104 bi-directional functionality is configured. Enabling secure communica...Show more IEC 60870-5-104 used in RTU500: Potential Denial of Service impact on reception of invalid U-format frame. Product is only affected if IEC 60870-5-104 bi-directional functionality is configured. Enabling secure communication following IEC 62351-3 does not remediate the vulnerability but mitigates the risk of exploitation.Show less
CVE-2026-1772 1Hitachienergy 4Rtu520 Firmware Rtu530 FirmwareRtu540 Firmware+1 more Feb 27, 2026 Feb 24, 2026 5.3 MEDIUM· v4 5.3 MEDIUM· v3 N/A· v2 RTU500 web interface: An unprivileged user can read user management information. The information cannot be accessed via the RTU500 web user interface but requires further tools like browser development utilities to acces...Show more RTU500 web interface: An unprivileged user can read user management information. The information cannot be accessed via the RTU500 web user interface but requires further tools like browser development utilities to access them without required privileges.Show less
CVE-2025-39205 1Hitachienergy 1Microscada X Sys600 Jan 30, 2026 Jun 24, 2025 7.1 HIGH· v4 6.5 MEDIUM· v3 N/A· v2 A vulnerability exists in the IEC 61850 in MicroSCADA X SYS600 product. The certificate validation of the TLS protocol allows remote Man-in-the-Middle attack due to missing proper validation.
CVE-2025-39204 1Hitachienergy 1Microscada X Sys600 Jan 26, 2026 Jun 24, 2025 8.5 HIGH· v4 6.5 MEDIUM· v3 N/A· v2 A vulnerability exists in the Web interface of the MicroSCADA X SYS600 product. The filtering query in the Web interface can be malformed, so returning data can leak unauthorized information to the user.
CVE-2025-39203 1Hitachienergy 1Microscada X Sys600 Jan 26, 2026 Jun 24, 2025 7.1 HIGH· v4 6.5 MEDIUM· v3 N/A· v2 A vulnerability exists in the IEC 61850 of the MicroSCADA X SYS600 product. An IEC 61850-8 crafted message content from IED or remote system can cause a denial of service resulting in disconnection loop.
CVE-2025-39202 1Hitachienergy 1Microscada X Sys600 Jan 26, 2026 Jun 24, 2025 8.3 HIGH· v4 8.1 HIGH· v3 N/A· v2 A vulnerability exists in in the Monitor Pro interface of the MicroSCADA X SYS600 product. An authenticated user with low privileges can see and overwrite files causing information leak and data corruption.
CVE-2025-39201 1Hitachienergy 1Microscada X Sys600 Jan 26, 2026 Jun 24, 2025 6.9 MEDIUM· v4 6.1 MEDIUM· v3 N/A· v2 A vulnerability exists in MicroSCADA X SYS600 product. If exploited this could allow a local unauthenticated attacker to tamper a system file, making denial of Notify service.
CVE-2024-41156 1Hitachienergy 3Tro610 Firmware Tro620 FirmwareTro670 Firmware Dec 5, 2024 Oct 29, 2024 N/A· v4 2.7 LOW· v3 N/A· v2 Profile files from TRO600 series radios are extracted in plain-text and encrypted file formats. Profile files provide potential attackers valuable configuration information about the Tropos network. Profiles can only be...Show more Profile files from TRO600 series radios are extracted in plain-text and encrypted file formats. Profile files provide potential attackers valuable configuration information about the Tropos network. Profiles can only be exported by authenticated users with higher privilege of write access.Show less
CVE-2024-41153 1Hitachienergy 3Tro610 Firmware Tro620 FirmwareTro670 Firmware Oct 24, 2025 Oct 29, 2024 N/A· v4 7.2 HIGH· v3 N/A· v2 Command injection vulnerability in the Edge Computing UI for the TRO600 series radios that allows for the execution of arbitrary system commands. If exploited, an attacker with write access to the web UI can execute comm...Show more Command injection vulnerability in the Edge Computing UI for the TRO600 series radios that allows for the execution of arbitrary system commands. If exploited, an attacker with write access to the web UI can execute commands on the device with root privileges, far more extensive than what the write privilege intends.Show less
CVE-2024-7941 1Hitachienergy 1Microscada X Sys600 Oct 30, 2024 Aug 27, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 An HTTP parameter may contain a URL value and could cause the web application to redirect the request to the specified URL. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing s...Show more An HTTP parameter may contain a URL value and could cause the web application to redirect the request to the specified URL. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.Show less
CVE-2024-7940 1Hitachienergy 1Microscada X Sys600 Aug 28, 2024 Aug 27, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The product exposes a service that is intended for local only to all network interfaces without any authentication.
CVE-2024-4872 1Hitachienergy 2Microscada Pro Sys600 Microscada X Sys600 Oct 30, 2024 Aug 27, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. If exploited this could allow an authenticated attacker to inject code towards persistent data. Note that to successfully exploit thi...Show more A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. If exploited this could allow an authenticated attacker to inject code towards persistent data. Note that to successfully exploit this vulnerability an attacker must have a valid credential.Show less
CVE-2024-3982 1Hitachienergy 1Microscada X Sys600 Oct 30, 2024 Aug 27, 2024 N/A· v4 8.2 HIGH· v3 N/A· v2 An attacker with local access to machine where MicroSCADA X SYS600 is installed, could enable the session logging supporting the product and try to exploit a session hijacking of an already established session. By defaul...Show more An attacker with local access to machine where MicroSCADA X SYS600 is installed, could enable the session logging supporting the product and try to exploit a session hijacking of an already established session. By default, the session logging level is not enabled and only users with administrator rights can enable it.Show less
CVE-2024-3980 1Hitachienergy 2Microscada Pro Sys600 Microscada X Sys600 Oct 30, 2024 Aug 27, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names that are used in filesystem operations. If exploited the vulnerability allows the attacker to access or m...Show more The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names that are used in filesystem operations. If exploited the vulnerability allows the attacker to access or modify system files or other files that are critical to the application.Show less
CVE-2024-28024 1Hitachienergy 2Foxman Un Unem Nov 21, 2024 Jun 11, 2024 N/A· v4 4.1 MEDIUM· v3 N/A· v2 A vulnerability exists in the FOXMAN-UN/UNEM in which sensitive information is stored in cleartext within a resource that might be accessible to another control sphere.
CVE-2024-28022 1Hitachienergy 2Foxman Un Unem Apr 29, 2025 Jun 11, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A vulnerability exists in the UNEM server / APIGateway that if exploited allows a malicious user to perform an arbitrary number of authentication attempts using different passwords, and eventually gain access to other co...Show more A vulnerability exists in the UNEM server / APIGateway that if exploited allows a malicious user to perform an arbitrary number of authentication attempts using different passwords, and eventually gain access to other components in the same security realm using the targeted account.Show less
CVE-2024-28020 1Hitachienergy 2Foxman Un Unem Nov 21, 2024 Jun 11, 2024 N/A· v4 8.0 HIGH· v3 N/A· v2 A user/password reuse vulnerability exists in the FOXMAN-UN/UNEM application and server management. If exploited a malicious high-privileged user could use the passwords and login information through complex routines to...Show more A user/password reuse vulnerability exists in the FOXMAN-UN/UNEM application and server management. If exploited a malicious high-privileged user could use the passwords and login information through complex routines to extend access on the server and other services.Show less
CVE-2024-2013 1Hitachienergy 2Foxman Un Unem Nov 21, 2024 Jun 11, 2024 N/A· v4 10.0 CRITICAL· v3 N/A· v2 An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway component that if exploited allows attackers without any access to interact with the services and the post-authentication attack...Show more An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway component that if exploited allows attackers without any access to interact with the services and the post-authentication attack surface.Show less

12 3 4 5 Next