VDB
ICSA-26-036-05
ICSA-26-036-05
PUBLISHED
CVSS 9 CRITICAL
Hitachi Energy is aware of a vulnerability that affects XMC20 product versions listed in this document. Successful exploitation of this vulnerability can lead to forgery attacks potentially causing impact on confidentiality, integrity and availability for the product. Please refer to the Recommended Immediate Actions for information about the mitigation/remediation. Note: This is applicable only if XMC20 devices are configured to use remote RADIUS authentication.
Risk Scores
CVSS v3.1
9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| XMC20 version R18 | ||
| XMC20 version R17A and earlier |
Timeline
- Jan 27, 2026 CVE Published
- Feb 5, 2026 CVE Updated
References
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2026/icsa-26-036-05.json advisory
- https://publisher.hitachienergy.com/preview?DocumentID=1KHW029001&LanguageCode=en&DocumentPartId=R18&Action=launch advisory
- https://publisher.hitachienergy.com/preview?DocumentID=8DBD000233&LanguageCode=en&DocumentPartId=&Action=launch advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-26-036-05 advisory
- https://www.cisa.gov/news-events/ics-alerts/ics-alert-10-301-01 url
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices url
- https://www.cisa.gov/topics/industrial-control-systems url
- https://www.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf url
- https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf url
- https://www.cisa.gov/news-events/news/targeted-cyber-intrusion-detection-and-mitigation-strategies-update-b url