CVE-2026-1772

MEDIUM

RTU500 - Info Disclosure

Title source: llm

Description

RTU500 web interface: An unprivileged user can read user management information. The information cannot be accessed via the RTU500 web user interface but requires further tools like browser development utilities to access them without required privileges.

References (1)

[Various Sources] https://publisher.hitachienergy.com/preview?DocumentID=8DBD000237&LanguageCode=en&DocumentPartId=&Action=Launch

Scores

CVSS v3 5.3

EPSS 0.0003

EPSS Percentile 9.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Classification

CWE

CWE-280

Status published

Affected Products (8)

hitachienergy/rtu520_firmware < 12.7.7

hitachienergy/rtu520_firmware

hitachienergy/rtu530_firmware < 12.7.7

hitachienergy/rtu530_firmware

hitachienergy/rtu540_firmware < 12.7.7

hitachienergy/rtu540_firmware

hitachienergy/rtu560_firmware < 12.7.7

hitachienergy/rtu560_firmware

Timeline

Published Feb 24, 2026

Tracked Since Feb 24, 2026