CVE-2026-1772

MEDIUM

RTU500 - Info Disclosure

Title source: llm

Description

RTU500 web interface: An unprivileged user can read user management information. The information cannot be accessed via the RTU500 web user interface but requires further tools like browser development utilities to access them without required privileges.

References (1)

[Various Sources] https://publisher.hitachienergy.com/preview?DocumentID=8DBD000237&LanguageCode=en&DocumentPartId=&Action=Launch

Scores

CVSS v3 5.3

EPSS 0.0001

EPSS Percentile 2.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-280

Status published

Products (8)

hitachienergy/rtu520_firmware 13.8.1

hitachienergy/rtu520_firmware 12.7.1 - 12.7.7

hitachienergy/rtu530_firmware 13.8.1

hitachienergy/rtu530_firmware 12.7.1 - 12.7.7

hitachienergy/rtu540_firmware 13.8.1

hitachienergy/rtu540_firmware 12.7.1 - 12.7.7

hitachienergy/rtu560_firmware 13.8.1

hitachienergy/rtu560_firmware 12.7.1 - 12.7.7

Published Feb 24, 2026

Tracked Since Feb 24, 2026