VDB
CVE-2026-1772
CVE-2026-1772
PUBLISHED
CVSS 5.300000190734863 MEDIUM
RTU500 web interface: An unprivileged user can read user management information. The information cannot be accessed via the RTU500 web user interface but requires further tools like browser development utilities to access them without required privileges.
EPSS 0.02% · 3.1th percentile
Risk Scores
CVSS 4.0
5.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS Score
0.02%
3.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| hitachienergy | rtu530_firmware | 12.7.1, 13.5.1, 13.6.1 |
| hitachienergy | rtu560_firmware | 13.6.1, 13.5.1, 13.8.1 |
| Hitachi Energy | RTU500 series CMU firmware | 13.7.1, 12.7.1, 13.5.1 |
| hitachienergy | rtu520_firmware | 12.7.1, 13.5.1, 13.7.1 |
| hitachienergy | rtu540_firmware | 12.7.1, 13.5.1, 12.7.1 |
Exploit Intelligence
- CIRCL seen: CVE-2026-1772 (circl-sighting)
- https://publisher.hitachienergy.com/preview?DocumentID=8DBD000237&LanguageCode=en&DocumentPartId=&Action=Launch (circl)
- mockData.ts (github-poc)
- mockData.ts (github-poc)
- mockData.ts (github-poc)
- mockData.ts (github-poc)
Timeline
- Feb 2, 2026 CVE ID Reserved
- Feb 24, 2026 CVE Published
- Feb 25, 2026 EPSS Score
- Feb 27, 2026 EPSS Score
- Feb 28, 2026 EPSS Score
- Feb 28, 2026 CVE Updated
- Mar 2, 2026 EPSS Score
- Mar 3, 2026 EPSS Score
- Mar 3, 2026 PoC Published
- Mar 5, 2026 EPSS Score
- Mar 6, 2026 EPSS Score
- Mar 8, 2026 EPSS Score