How serious is CVE-2026-1772?

This vulnerability has a CVSS score of 5.3 out of 10, classified as MEDIUM severity. Proof-of-concept exploit code is publicly available, making this an active threat.

Is there exploit code available for CVE-2026-1772?

Yes, proof-of-concept exploit code for CVE-2026-1772 is publicly available on GitHub and security research platforms. This increases the risk of active exploitation.

Which products are affected by CVE-2026-1772?

CVE-2026-1772 affects hitachienergy rtu520 firmware. Check the full CVE details for specific version information.

How do I fix CVE-2026-1772?

To remediate CVE-2026-1772, check for security patches from hitachienergy. Apply all available updates and security patches. If no patch is available, implement recommended workarounds or security controls to mitigate the risk.

CVE-2026-1772

Medium

|5.3

Exploit Available

Plain English Summary

AI-powered analysis for quick understanding

An attacker can access sensitive user management information from the RTU500 device, even without proper permissions, by using tools like browser development utilities. This information is not directly available through the device's web interface, so the attacker needs to know how to use these additional tools to exploit the vulnerability.

Technical Description

RTU500 web interface: An unprivileged user can read user management information. The information cannot be accessed via the RTU500 web user interface but requires further tools like browser development utilities to access them without required privileges.

CVSS Vector Analysis

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredLow

User InteractionNone

Confidentiality ImpactHigh

Integrity ImpactHigh

Availability ImpactHigh

ScopeChanged

Vector String

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Exploit Resources

Search for proof-of-concept code and exploit modules

GitHub Search Exploit-DB Nuclei Templates Metasploit Vulners

Official References

NIST NVD

Est. Bounty

$724($500-$1K)

Vendor Response

Grade APatched in 3 days

Quick Information

Published

Feb 24, 2026

about 1 month ago

Last Modified

Feb 27, 2026

about 1 month ago

Vendor

hitachienergy

Product

rtu520 firmware

Related Vulnerabilities

CVE-2026-2460High

An attacker with low-level access can exploit a vulnerability in the REB500 firmware to change files and directories they shouldn't be able to modify. This requires the attacker to already have authenticated access to the system, making it a serious risk if such users are compromised.

CVE-2026-2459High

This vulnerability allows an attacker with an Installer role to access and change files in directories they shouldn't be able to, potentially compromising the system's integrity. However, the attacker must already be authenticated as a user with the Installer role to exploit this weakness.

CVE-2026-1773High

This vulnerability allows an attacker to cause a Denial of Service, making the system unresponsive, by sending invalid data frames if the device is set up for bi-directional communication using the IEC 60870-5-104 protocol. Even though enabling secure communication can reduce the risk, it does not completely fix the issue.

CVE-2023-5769Medium

An attacker could inject malicious scripts into the web interface of the RTU500 series devices, potentially allowing them to steal sensitive information or perform actions on behalf of legitimate users. This vulnerability occurs because the device does not properly filter user input, making it easier for attackers to exploit it if they can access the webserver.