CVE-2026-1772
Information Disclosure in RTU500 Web Interface via Browser Tools
Publication date: 2026-02-24
Last updated on: 2026-02-27
Assigner: Hitachi Energy
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hitachienergy | rtu520_firmware | From 12.7.1 (inc) to 12.7.7 (inc) |
| hitachienergy | rtu520_firmware | From 13.5.1 (inc) to 13.5.4 (inc) |
| hitachienergy | rtu520_firmware | From 13.6.1 (inc) to 13.6.2 (inc) |
| hitachienergy | rtu520_firmware | 13.8.1 |
| hitachienergy | rtu520_firmware | From 13.7.1 (inc) to 13.7.8 (exc) |
| hitachienergy | rtu530_firmware | From 12.7.1 (inc) to 12.7.7 (inc) |
| hitachienergy | rtu530_firmware | From 13.5.1 (inc) to 13.5.4 (inc) |
| hitachienergy | rtu530_firmware | From 13.6.1 (inc) to 13.6.2 (inc) |
| hitachienergy | rtu530_firmware | 13.8.1 |
| hitachienergy | rtu530_firmware | From 13.7.1 (inc) to 13.7.8 (exc) |
| hitachienergy | rtu540_firmware | From 12.7.1 (inc) to 12.7.7 (inc) |
| hitachienergy | rtu540_firmware | From 13.5.1 (inc) to 13.5.4 (inc) |
| hitachienergy | rtu540_firmware | From 13.6.1 (inc) to 13.6.2 (inc) |
| hitachienergy | rtu540_firmware | 13.8.1 |
| hitachienergy | rtu540_firmware | From 13.7.1 (inc) to 13.7.8 (exc) |
| hitachienergy | rtu560_firmware | From 12.7.1 (inc) to 12.7.7 (inc) |
| hitachienergy | rtu560_firmware | From 13.5.1 (inc) to 13.5.4 (inc) |
| hitachienergy | rtu560_firmware | From 13.6.1 (inc) to 13.6.2 (inc) |
| hitachienergy | rtu560_firmware | 13.8.1 |
| hitachienergy | rtu560_firmware | From 13.7.1 (inc) to 13.7.8 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-280 | The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the product in an invalid state. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the RTU500 web interface where an unprivileged user can read user management information.
Although this information is not accessible directly through the RTU500 web user interface, it can be accessed using additional tools such as browser development utilities without having the required privileges.
How can this vulnerability impact me? :
The vulnerability allows an unprivileged user to access sensitive user management information that should normally be restricted.
This could potentially lead to unauthorized disclosure of user data, which might be leveraged for further attacks or unauthorized access.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know