Hitachi Hitachi

  1. Vendors
  2. Hitachi

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Hitachi product.

RSS Feeds for Hitachi security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Hitachi products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Hitachi Sorted by Most Security Vulnerabilities since 2018

Hitachi Pentaho Business Analytics Server17 vulnerabilities

Hitachi Storage Plug In4 vulnerabilities

Hitachi Tuning Manager2 vulnerabilities

Hitachi Ops Center Common Services2 vulnerabilities

Hitachi Vantara Pentaho Data Integration Analytics1 vulnerability

Hitachi Gr40001 vulnerability

Hitachi Gr30001 vulnerability

Hitachi Gr20001 vulnerability

Hitachi Global Link Manager1 vulnerability

Hitachi Business Analytics Server1 vulnerability

Hitachi Asset Suite1 vulnerability

By the Year

In 2026 there have been 5 vulnerabilities in Hitachi. Last year, in 2025 Hitachi had 12 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Hitachi in 2026 could surpass last years number.




Year Vulnerabilities Average Score
2026 5 0.00
2025 12 6.88
2024 10 7.38
2023 28 7.34
2022 9 6.90
2021 10 7.43
2020 0 0.00
2019 0 0.00
2018 1 0.00

It may take a day or so for new Hitachi vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Hitachi Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2026-2460 Feb 24, 2026
REB500 DAC Permission Escalation via Low Privileges A vulnerability exists in REB500 for an authenticated user with low-level privileges to access and alter the content of directories by using the DAC protocol that the user is not authorized to do so.
CVE-2026-2459 Feb 24, 2026
Hitachi Energy REB500 Installer Escalation: Unauthorized Directory Access A vulnerability exists in REB500 for an authenticated user with Installer role to access and alter the contents of directories that the role is not authorized to do so.
CVE-2026-1773 Feb 24, 2026
IEC 60870-5-104 CVE-2026-1773: DoS on Invalid U-Format Frame - Hitachi Energy IEC 60870-5-104: Potential Denial of Service impact on reception of invalid U-format frame. Product is only affected if IEC 60870-5-104 bi-directional functionality is configured. Enabling secure communication following IEC 62351-3 does not remediate the vulnerability but mitigates the risk of exploitation.
CVE-2026-1772 Feb 24, 2026
Unprivileged Access to User Management Data via Hitachi RTU500 Web UI RTU500 web interface: An unprivileged user can read user management information. The information cannot be accessed via the RTU500 web user interface but requires further tools like browser development utilities to access them without required privileges.
CVE-2025-7740 Jan 28, 2026
Default Creds in SuprOS Allow Local Auth Attack Default credentials vulnerability exists in SuprOS product. If exploited, this could allow an authenticated local attacker to use an admin account created during product deployment.
CVE-2025-66444 Dec 24, 2025
XSS in Hitachi Infr. Analytics Advisor (pre-11.0.5) Data Center Comp Cross-site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor (Data Center Analytics component) and Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component).This issue affects Hitachi Infrastructure Analytics Advisor:; Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.5-00.
CVE-2025-66445 Dec 24, 2025
Auth bypass in Hitachi Infrastructure Analytics Advisor before 11.0.5-00 Authorization bypass vulnerability in Hitachi Infrastructure Analytics Advisor (Data Center Analytics component) and Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component).This issue affects Hitachi Infrastructure Analytics Advisor:; Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.5-00.
CVE-2025-10217 Sep 30, 2025
Asset Suite Authenticated Log Injection / Log Data Manipulation (CVE-2025-10217) A vulnerability exists in Asset Suite for an authenticated user to manipulate the content of performance related log data or to inject crafted data in logfile for potentially carrying out further malicious attacks. Performance logging is typically enabled for troubleshooting purposes while resolving application performance related issues.
Asset Suite
CVE-2025-39205 Jun 24, 2025
TLS cert validation flaw in MicroSCADA X SYS600 (IEC61850) A vulnerability exists in the IEC 61850 in MicroSCADA X SYS600 product. The certificate validation of the TLS protocol allows remote Man-in-the-Middle attack due to missing proper validation.
CVE-2025-39203 Jun 24, 2025
MicroSCADA X SYS600 IEC61850 DoS via crafted msg causing disconnect loop A vulnerability exists in the IEC 61850 of the MicroSCADA X SYS600 product. An IEC 61850-8 crafted message content from IED or remote system can cause a denial of service resulting in disconnection loop.
CVE-2025-24911 Apr 16, 2025
Pentaho BSA XML XEE flaw pre-10.2.0.2 Overview   XML documents optionally contain a Document Type Definition (DTD), which, among other features, enables the definition of XML entities. It is possible to define an entity by providing a substitution string in the form of a URI. Once the content of the URI is read, it is fed back into the application that is processing the XML. This application may echo back the data (e.g. in an error message), thereby exposing the file contents. (CWE-611)   Description   Hitachi Vantara Pentaho Business Analytics Server versions before 10.2.0.2, including 9.3.x and 8.3.x, do not correctly protect Data Access XMLParserFactoryProducer against out-of-band XML External Entity Reference.   Impact   By submitting an XML file that defines an external entity with a file:// URI, an attacker can cause the processing application to read the contents of a local file. Using URIs with other schemes such as http://, the attacker can force the application to make outgoing requests to servers that the attacker cannot reach directly, which can be used to bypass firewall restrictions or hide the source of attacks such as port scanning.
Pentaho Business Analytics Server
CVE-2025-0757 Apr 16, 2025
Pentaho BA Server XSS in Analyzer Plugin (before 10.2.0.2/9.3.x/8.3.x) Overview   The software does not neutralize or incorrectly neutralize user-controllable input before it is placed in output that is used as a web page that is served to other users. (CWE-79)   Description   Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.2.0.2, including 9.3.x and 8.3.x, allow a malicious URL to inject content into the Analyzer plugin interface.   Impact   Once the malicious script is injected, the attacker can perform a variety of malicious activities. The attacker could transfer private information, such as cookies that may include session information, from the victim's machine to the attacker. The attacker could send malicious requests to a web site on behalf of the victim, which could be especially dangerous to the site if the victim has administrator privileges to manage that site.
Pentaho Business Analytics Server
CVE-2025-27632 Mar 25, 2025
TRMTracker Host Header Injection Enables Web-Cache Poisons A Host Header Injection vulnerability in TRMTracker application may allow an attacker by modifying the host header value in an HTTP request to leverage multiple attack vectors, including defacing the site content through web-cache poisoning.
CVE-2024-37361 Feb 20, 2025
Pentaho Business Analytics Server <=10.2.0.0 deserialization flaw (CWE-502) The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid. (CWE-502)   Hitachi Vantara Pentaho Business Analytics Server versions before 10.2.0.0 and 9.3.0.9, including 8.3.x, deserialize untrusted JSON data without constraining the parser to approved classes and methods.   When developers place no restrictions on "gadget chains," or series of instances and method invocations that can self-execute during the deserialization process (i.e., before the object is returned to the caller), it is sometimes possible for attackers to leverage them to perform unauthorized actions.
Pentaho Business Analytics Server
CVE-2024-37363 Feb 20, 2025
Pentaho BAnalytcs Server <10.2/9.3.0.8: Auth Check Missing in Data Source Mgmt The product does not perform an authorization check when an actor attempts to access a resource or perform an action. (CWE-862)  Hitachi Vantara Pentaho Business Analytics Server versions before 10.2.0.0 and 9.3.0.8, including 8.3.x, do not correctly perform an authorization check in the data source management service. When access control checks are incorrectly applied, users can access data or perform actions that they should not be allowed to perform. This can lead to a wide range of problems, including information exposures and denial of service.
Pentaho Business Analytics Server
CVE-2024-37359 Feb 19, 2025
Pentaho BI Server 10.2.0.0- Unsafe Host Header Allowing HTTP Proxying (CWE-918) The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. (CWE-918)   Hitachi Vantara Pentaho Business Analytics Server versions before 10.2.0.0 and 9.3.0.9, including 8.3.x, do not validate the Host header of incoming HTTP/HTTPS requests.   By providing URLs to unexpected hosts or ports, attackers can make it appear that the server is sending the request, possibly bypassing access controls such as firewalls that prevent the attackers from accessing the URLs directly. The server can be used as a proxy to conduct port scanning of hosts in internal networks, use other URLs such as that can access documents on the system (using file://), or use other protocols such as gopher:// or tftp://, which may provide greater control over the contents of requests.
Pentaho Business Analytics Server
CVE-2024-37360 Feb 19, 2025
Pentaho Business Analytics Server <10.2.0.0 XSS in Analyzer Plugin Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')   The software does not neutralize or incorrectly neutralize user-controllable input before it is placed in output that is used as a web page that is served to other users. (CWE-79)   Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.2.0.0 and 9.3.0.9, including 8.3.x, allow a malicious URL to inject content into the Analyzer plugin interface.   Once the malicious script is injected, the attacker can perform a variety of malicious activities. The attacker could transfer private information, such as cookies that may include session information, from the victim's machine to the attacker. The attacker could send malicious requests to a web site on behalf of the victim, which could be especially dangerous to the site if the victim has administrator privileges to manage that site.
Pentaho Business Analytics Server
CVE-2024-7125 Aug 27, 2024
Hitachi Ops Center Common Services Auth Bypass <11.0.2-01 Authentication Bypass vulnerability in Hitachi Ops Center Common Services.This issue affects Hitachi Ops Center Common Services: from 10.9.3-00 before 11.0.2-01.
Ops Center Common Services
CVE-2024-5828 Aug 06, 2024
EL Injection in Hitachi Tuning Manager pre-8.8.7-00 (Code Injection) Expression Language Injection vulnerability in Hitachi Tuning Manager on Windows, Linux, Solaris allows Code Injection.This issue affects Hitachi Tuning Manager: before 8.8.7-00.
Tuning Manager
CVE-2024-2819 Jul 02, 2024
Improper Permissions in Hitachi Ops Center Common Services v<11.0.2 Incorrect Default Permissions, Improper Preservation of Permissions vulnerability in Hitachi Ops Center Common Services allows File Manipulation.This issue affects Hitachi Ops Center Common Services: before 11.0.2-00.
Ops Center Common Services
CVE-2024-28982 Jun 26, 2024
Pentaho BSA 10.1.0.0/9.3.0.7 XML External Entity (XXE) at ACL Endpoint Hitachi Vantara Pentaho Business Analytics Server versions before 10.1.0.0 and 9.3.0.7, including 8.3.x do not correctly protect the ACL service endpoint of the Pentaho User Console against XML External Entity Reference.
Pentaho Business Analytics Server
CVE-2024-28984 Jun 26, 2024
Pentaho Business Analytics Server <=10.1.0.0 Analyzer Plugin URL Injection Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.1.0.0 and 9.3.0.7, including 8.3.x allow a malicious URL to inject content into the Analyzer plugin interface.
Pentaho Business Analytics Server
CVE-2024-28983 Jun 26, 2024
Pentaho BSA Analyzer Plugin Content Injection Before 10.1 (CVE-2024-28983) Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.1.0.0 and 9.3.0.7, including 8.3.x allow a malicious URL to inject content into the Analyzer plugin interface.
Business Analytics Server
Pentaho Business Analytics Server
CVE-2023-5617 Feb 28, 2024
Pentaho Data Integration Info Disclosure: Tomcat version leaked before v10.1.0.0 / 9.3.0.6 Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.6, including 9.5.x and 8.3.x, display the version of Tomcat when a server error is encountered.
Vantara Pentaho Data Integration Analytics
CVE-2024-0715 Feb 20, 2024
EL Injection in Hitachi Global Link Manager before 8.8.7-03 on Windows Expression Language Injection vulnerability in Hitachi Global Link Manager on Windows allows Code Injection.This issue affects Hitachi Global Link Manager: before 8.8.7-03.
Global Link Manager
CVE-2024-21840 Jan 30, 2024
Hitachi Storage Plug-in for VMware vCenter: Incorrect Perms(4.0.0-04.9.2) Incorrect Default Permissions vulnerability in Hitachi Storage Plug-in for VMware vCenter allows local users to read and write specific files. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.0.0 through 04.9.2.
Storage Plug In
CVE-2023-6457 Jan 16, 2024
Hitachi Tuning Manager <8.8.5-04: local users gain RD/WR via default perms Incorrect Default Permissions vulnerability in Hitachi Tuning Manager on Windows (Hitachi Tuning Manager server component) allows local users to read and write specific files.This issue affects Hitachi Tuning Manager: before 8.8.5-04.
Tuning Manager
CVE-2023-3517 Dec 12, 2023
Pentaho Data Integration JNDI ID unsanitization in XActions <9.5.0.1/9.3.0.5 Hitachi Vantara Pentaho Data Integration & Analytics versions before 9.5.0.1 and 9.3.0.5, including 8.3.x does not restrict JNDI identifiers during the creation of XActions, allowing control of system level data sources.
Pentaho Data Integration Analytics
CVE-2023-2358 Sep 27, 2023
Pentaho BA Server <=9.5.0.0/9.3.0.4/8.3.x.x - Hadoop Copy Files step plaintext passwords Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.5.0.0 and 9.3.0.4, including 8.3.x.x, saves passwords of the Hadoop Copy Files step in plaintext. 
Pentaho Business Analytics Server
CVE-2023-39984 Aug 23, 2023
Hitachi EH-VIEW KeypadDesigner Improper Bounds Check Vulnerability ** UNSUPPORTED WHEN ASSIGNED ** Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Hitachi EH-VIEW (KeypadDesigner) allows local attackers to potentially disclose information and execute arbitray code on affected EH-VIEW installations. User interaction is required to exploit the vulnerabilities in that the user must open a malicious file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Eh View
CVE-2023-39985 Aug 23, 2023
Out-of-Bounds Write in Hitachi EH-VIEW Designer ** UNSUPPORTED WHEN ASSIGNED ** Out-of-bounds Write vulnerability in Hitachi EH-VIEW (Designer) allows local attackers to potentially execute arbitray code on affected EH-VIEW installations. User interaction is required to exploit the vulnerabilities in that the user must open a malicious file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Eh View
CVE-2023-39986 Aug 23, 2023
Out-of-bounds Read in Hitachi EH-VIEW Designer (Windows) ** UNSUPPORTED WHEN ASSIGNED ** Out-of-bounds Read vulnerability in Hitachi EH-VIEW (Designer) allows local attackers to potentially disclose information on affected EH-VIEW installations. User interaction is required to exploit the vulnerabilities in that the user must open a malicious file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Eh View
CVE-2023-3495 Aug 23, 2023
EoB Write in Hitachi EHVIEW KeypadDesigner enables local RCE ** UNSUPPORTED WHEN ASSIGNED ** Out-of-bounds Write vulnerability in Hitachi EH-VIEW (KeypadDesigner) allows local attackers to potentially execute arbitray code on affected EH-VIEW installations. User interaction is required to exploit the vulnerabilities in that the user must open a malicious file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Eh View
CVE-2023-1158 May 24, 2023
Pentaho BA Server <=9.3.0.3 / 8.3.x: Unauthorized Dashboard Prompt Exposure Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x expose dashboard prompts to users who are not part of the authorization list. 
Vantara Pentaho Business Analytics Server
Vantara Pentaho
CVE-2022-4815 May 24, 2023
Pentaho BA Server <=9.4.0.1/9.3.0.3 JSON deserialization vulnerability Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x deserialize untrusted JSON data without constraining the parser to approved classes and methods. 
Vantara Pentaho Business Analytics Server
Vantara Pentaho
CVE-2022-3960 Apr 03, 2023
Pentaho BAs: CDE Scripting Not Disabled pre-9.4.0.1 (Hitachi Vantara) Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of the Community Dashboard Editor (CDE) plugin.
Vantara Pentaho Business Analytics Server
CVE-2022-43771 Apr 03, 2023
Pentaho Server <9.4 CSV Import Path Traversal via Data Access Plugin Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x, using the Pentaho Data Access plugin exposes a service endpoint for CSV import which allows a user supplied path to access resources that are out of bounds.
Vantara Pentaho Business Analytics Server
Pentaho Business Analytics Server
CVE-2022-43772 Apr 03, 2023
Pentaho BaaS <9.4/9.3: cleartext cluster creds logged Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x with the Big Data Plugin expose the username and password of clusters in clear text into system logs.
Vantara Pentaho Business Analytics Server
Pentaho Business Analytics Server
CVE-2022-43938 Apr 03, 2023
Pentaho BAS <=9.3.0.2 Admin Cannot Disable JVM Scripting in Reports Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of Pentaho Reports (*.prpt) through the JVM script manager.
Vantara Pentaho Business Analytics Server
CVE-2022-43939 Apr 03, 2023
Pentaho Business Analytics Server <9.4.0.1 URL canonicalization bypass Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x contain security restrictions using non-canonical URLs which can be circumvented.
Vantara Pentaho Business Analytics Server
Pentaho Business Analytics Server
CVE-2022-43940 Apr 03, 2023
Auth Bypass Pentaho B.A.S. Hitachi Vantara <9.4.0.1 & <9.3.0.2 Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly perform an authorization check in the data source management service.
Vantara Pentaho Business Analytics Server
CVE-2022-43941 Apr 03, 2023
Pentaho BCE: XEE via Post Analysis Endpoint <9.4.0.1 Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly protect the Post Analysis service endpoint of the data access plugin against out-of-band XML External Entity Reference.
Vantara Pentaho Business Analytics Server
Pentaho Business Analytics Server
CVE-2022-4769 Apr 03, 2023
Pentaho BA Server 9.4-8.3 Path Disclosure 9.4.0/9.3.0 Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x display the target path on host when a file is uploaded with an invalid character in its name.
Vantara Pentaho Business Analytics Server
CVE-2022-4770 Apr 03, 2023
Pentaho Business Analytics Server: SQL Query Leak via Report Errors (pre-9.4) Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x display the full parametrized SQL query in an error message when an invalid character is used within a Pentaho Report (*.prpt).
Vantara Pentaho Business Analytics Server
CVE-2022-4771 Apr 03, 2023
Pentaho <=9.3.0.2 User Console Content Injection via URL Session Vars Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow a malicious URL to inject content into the Pentaho User Console through session variables.
Vantara Pentaho Business Analytics Server
Pentaho Business Analytics Server
CVE-2022-43773 Apr 03, 2023
Pentaho BA Server <9.4.0.1 Stored Proc HSQLDB Flaw Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x is installed with a sample HSQLDB data source configured with stored procedures enabled.
Vantara Pentaho Business Analytics Server
Pentaho Business Analytics Server
CVE-2022-43769 Apr 03, 2023
Pentaho BA Server <9.4.0.1: Web Service Template Injection via Spring Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow certain web services to set property values which contain Spring templates that are interpreted downstream.
Vantara Pentaho Business Analytics Server
CVE-2022-3353 Feb 21, 2023
IEC 61850 MMS DoS via crafted sequence Hitachi Energy (prev2.2.3) A vulnerability exists in the IEC 61850 communication stack that affects multiple Hitachi Energy products. An attacker could exploit the vulnerability by using a specially crafted message sequence, to force the IEC 61850 MMS-server communication stack, to stop accepting new MMS-client connections. Already existing/established client-server connections are not affected. List of affected CPEs: * cpe:2.3:o:hitachienergy:fox61x_tego1:r15b08:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:fox61x_tego1:r2a16_3:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:fox61x_tego1:r2a16:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:fox61x_tego1:r1e01:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:fox61x_tego1:r1d02:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:fox61x_tego1:r1c07:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:fox61x_tego1:r1b02:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:gms600:1.3.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.1.*:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.5.*:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.6.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.6.0.1:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.7.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.7.2:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:1.8.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.0.*:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.1.0.4:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:itt600_sa_explorer:2.1.0.5:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.*:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.4:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:microscada_x_sys600:10.4.1:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:mms:2.2.3:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:pwc600:1.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:pwc600:1.1:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:pwc600:1.2:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:reb500:7:*:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:reb500:8:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:relion670:1.2.*:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:relion670:2.0.*:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:relion650:1.1.*:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:relion650:1.3.*:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:relion650:2.1.*:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:relion670:2.1.*:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:relionSAM600-IO:2.2.1:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:relionSAM600-IO:2.2.5:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:relion670:2.2.*:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:relion650:2.2.*:*:*:*:*:*:*:* * cpe:2.3:o:hitachienergy:rtu500cmu:12.*.*:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:rtu500cmu:13.*.*:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:txpert_hub_coretec_4:2.*:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:txpert_hub_coretec_4:3.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:txpert_hub_coretec_5:3.0:*:*:*:*:*:*:*
Itt600 Sa Explorer
CVE-2022-4041 Jan 31, 2023
Hitachi Storage Plug-in for VMware vCenter: Privilege Escalation (pre-04.9.1) Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.8.0 before 04.9.1.
Storage Plug In
CVE-2022-4441 Jan 31, 2023
PrivEsc via Bad PrivAssign in Hitachi Storage Plugin vCenter 04.9.0 (fix 04.9.1) Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.9.0 before 04.9.1.
Storage Plug In
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.