CVE-2026-1772

CVSS 5.3 MEDIUMEPSS 0.3%CWE-280

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 5.3EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

24 Feb 2026Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

RTU500 web interface: An unprivileged user can read user management information. The information cannot be accessed via the RTU500 web user interface but requires further tools like browser development utilities to access them without required privileges.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Affected products

Hitachi Energy · RTU500 series CMU firmware

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://publisher.hitachienergy.com/preview?DocumentID=8DBD000237&LanguageCode=en&DocumentPartId=&Action=Launch