Vulnerabilities in Hitachi Energy
105 resultsCVE-2025-27632MEDIUMA Host Header Injection vulnerability in TRMTracker application may allow an attacker by modifying the host header value in an HTTP request EPSS 0.2%CVE-2025-27633MEDIUMThe TRMTracker web application is vulnerable to reflected Cross-site scripting attack. The application allows client-side code injection thaEPSS 0.2%CVE-2024-11499MEDIUMA vulnerability exists in RTU500 IEC 60870-4-104 controlled station functionality, that allows an authenticated and authorized attacker to pEPSS 0.2%CVE-2024-2462MEDIUMAllow attackers to intercept or falsify data exchanges between the client
and the serverEPSS 0.2%CVE-2024-3982HIGHAn attacker with local access to machine where MicroSCADA X
SYS600 is installed, could enable the session logging supporting the product andEPSS 0.2%CVE-2024-2378HIGHA vulnerability exists in the web-authentication component of the SDM600. If exploited an attacker could escalate privileges on af-fected inEPSS 0.2%CVE-2021-35530MEDIUMUser authentication bypass in TXpert Hub CoreTec 4EPSS 0.2%CVE-2022-3928HIGHHardcoded credential is found in the message queueEPSS 0.2%CVE-2025-39202HIGHA vulnerability exists in in the Monitor Pro interface of the MicroSCADA X SYS600 product. An authenticated user with low privileges can seeEPSS 0.2%CVE-2024-2377HIGHA vulnerability exists in the too permissive HTTP response header web server settings of the SDM600. An attacker can take advantage of this EPSS 0.2%CVE-2025-39203HIGHA vulnerability exists in the IEC 61850 of the MicroSCADA X SYS600 product. An IEC 61850-8 crafted message content from IED or remote systemEPSS 0.2%CVE-2025-1484MEDIUMA vulnerability exists in the media upload component of the Asset
Suite versions listed below. If successfully exploited an attacker
couldEPSS 0.2%CVE-2021-40335MEDIUMCross Site Request Forgery (CSRF) in Hitachi Energy’s MSM ProductEPSS 0.2%CVE-2025-7740HIGHUse of default credentials vulnerability in Hitachi Energy SuprOS productEPSS 0.2%CVE-2025-39205HIGHA vulnerability exists in the IEC 61850 in MicroSCADA X SYS600 product. The certificate validation of the TLS protocol allows remote Man-in-EPSS 0.2%CVE-2026-8479MEDIUMIEC 60870-5-104 used in bidirectional mode in RTU500 is vulnerable
for a NULL pointer dereferencing, if a specially crafted
sequence of messEPSS 0.2%CVE-2024-28023MEDIUMA vulnerability exists in the message queueing mechanism that if
exploited can lead to the exposure of resources or functionality to
unintEPSS 0.2%CVE-2021-35532—Firmware upload verification bypass in TXpert Hub CoreTec 4EPSS 0.2%CVE-2022-2513HIGHCleartext Credentials Vulnerability on Hitachi Energy’s Multiple IED Connectivity Packages (IED ConnPacks) and PCM600 ProductsEPSS 0.1%CVE-2025-1037HIGHBy making minor configuration changes to the TropOS 4th Gen device, an authenticated user with the ability to run user level shell commands EPSS 0.1%