CVE-2026-1772 MEDIUM

CVE-2026-1772

Vendor Hitachi Energy
Product RTU500 series CMU firmware
Weakness CWE-280
Published February 24, 2026
Last update February 28, 2026

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

RTU500 web interface: An unprivileged user can read user management information. The information cannot be accessed via the RTU500 web user interface but requires further tools like browser development utilities to access them without required privileges.

Key dates

02Disclosure timeline

February 24, 2026 CVE published
February 28, 2026 Record updated