CVE-2025-7740

Use of default credentials vulnerability in Hitachi Energy SuprOS product

CVSS 8.8 HIGHEPSS 0.2%CWE-1392

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 8.8EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

28 Jan 2026Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Default credentials vulnerability exists in SuprOS product. If exploited, this could allow an authenticated local attacker to use an admin account created during product deployment.

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Affected products

Hitachi Energy · SuprOS

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://publisher.hitachienergy.com/preview?DocumentID=8DBD000223&LanguageCode=en&DocumentPartId=&Action=launch