CVE-2026-1772 - CVE Detail - IronMonkey Threat Research

Description

RTU500 web interface: An unprivileged user can read user management information. The information cannot be accessed via the RTU500 web user interface but requires further tools like browser development utilities to access them without required privileges.

Additional Descriptions (1)

Interfaz web de RTU500: Un usuario sin privilegios puede leer información de gestión de usuarios. No se puede acceder a la información a través de la interfaz de usuario web de RTU500, pero requiere herramientas adicionales como utilidades de desarrollo del navegador para acceder a ella sin los privilegios requeridos.

CVSS Metrics

Base Score: 5.3 (MEDIUM)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector	NETWORK
Attack Complexity	LOW
Privileges Required	NONE
User Interaction	NONE
Scope	UNCHANGED
Confidentiality Impact	LOW
Integrity Impact	NONE
Availability Impact	NONE

Source: [email protected]

Type: Primary

Exploitability Score: 3.9

Impact Score: 1.4

Base Score: 5.3 (MEDIUM)

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector	NETWORK
Attack Complexity	LOW
Attack Requirements	NONE
Privileges Required	LOW
User Interaction	NONE
Vulnerability Confidentiality	LOW
Vulnerability Integrity	NONE
Vulnerability Availability	NONE
Subsequent Confidentiality	NONE
Subsequent Integrity	NONE
Subsequent Availability	NONE

Source: [email protected]

Type: Secondary

Weaknesses

Source	Type	Description
[email protected]	Primary	en CWE-280

Affected Products

Vendor	Product	Version	Update	Type
hitachienergy	rtu520_firmware	*	<built-in method update of dict object at 0x72a9a0121640>	Operating System
hitachienergy	rtu520_firmware	*	<built-in method update of dict object at 0x72a9ccfede80>	Operating System
hitachienergy	rtu520_firmware	*	<built-in method update of dict object at 0x72a9ccfefb40>	Operating System
hitachienergy	rtu520_firmware	*	<built-in method update of dict object at 0x72a9cc41e6c0>	Operating System
hitachienergy	rtu520_firmware	13.8.1	<built-in method update of dict object at 0x72a9a0121700>	Operating System
hitachienergy	rtu530_firmware	*	<built-in method update of dict object at 0x72a9a0122900>	Operating System
hitachienergy	rtu530_firmware	*	<built-in method update of dict object at 0x72a9cc575540>	Operating System
hitachienergy	rtu530_firmware	*	<built-in method update of dict object at 0x72a9ccfef000>	Operating System
hitachienergy	rtu530_firmware	*	<built-in method update of dict object at 0x72a9cc81b180>	Operating System
hitachienergy	rtu530_firmware	13.8.1	<built-in method update of dict object at 0x72a9a0121780>	Operating System
hitachienergy	rtu540_firmware	*	<built-in method update of dict object at 0x72a9a0123180>	Operating System
hitachienergy	rtu540_firmware	*	<built-in method update of dict object at 0x72a9ccfec740>	Operating System
hitachienergy	rtu540_firmware	*	<built-in method update of dict object at 0x72a9cdf26100>	Operating System
hitachienergy	rtu540_firmware	*	<built-in method update of dict object at 0x72a9cc576b80>	Operating System
hitachienergy	rtu540_firmware	13.8.1	<built-in method update of dict object at 0x72a9ccfed980>	Operating System
hitachienergy	rtu560_firmware	*	<built-in method update of dict object at 0x72a9cc576dc0>	Operating System
hitachienergy	rtu560_firmware	*	<built-in method update of dict object at 0x72a9ccfeda80>	Operating System
hitachienergy	rtu560_firmware	*	<built-in method update of dict object at 0x72a9cdbfde40>	Operating System
hitachienergy	rtu560_firmware	*	<built-in method update of dict object at 0x72a9ccfeef00>	Operating System
hitachienergy	rtu560_firmware	13.8.1	<built-in method update of dict object at 0x72a9cc50e8c0>	Operating System

Affected Configurations

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:hitachienergy:rtu520_firmware::::::::`
Yes	`cpe:2.3:o:hitachienergy:rtu520_firmware::::::::`
Yes	`cpe:2.3:o:hitachienergy:rtu520_firmware::::::::`
Yes	`cpe:2.3:o:hitachienergy:rtu520_firmware::::::::`
Yes	`cpe:2.3:o:hitachienergy:rtu520_firmware:13.8.1:::::::*`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:hitachienergy:rtu520:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:hitachienergy:rtu530_firmware::::::::`
Yes	`cpe:2.3:o:hitachienergy:rtu530_firmware::::::::`
Yes	`cpe:2.3:o:hitachienergy:rtu530_firmware::::::::`
Yes	`cpe:2.3:o:hitachienergy:rtu530_firmware::::::::`
Yes	`cpe:2.3:o:hitachienergy:rtu530_firmware:13.8.1:::::::*`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:hitachienergy:rtu530:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:hitachienergy:rtu540_firmware::::::::`
Yes	`cpe:2.3:o:hitachienergy:rtu540_firmware::::::::`
Yes	`cpe:2.3:o:hitachienergy:rtu540_firmware::::::::`
Yes	`cpe:2.3:o:hitachienergy:rtu540_firmware::::::::`
Yes	`cpe:2.3:o:hitachienergy:rtu540_firmware:13.8.1:::::::*`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:hitachienergy:rtu540:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:hitachienergy:rtu560_firmware::::::::`
Yes	`cpe:2.3:o:hitachienergy:rtu560_firmware::::::::`
Yes	`cpe:2.3:o:hitachienergy:rtu560_firmware::::::::`
Yes	`cpe:2.3:o:hitachienergy:rtu560_firmware::::::::`
Yes	`cpe:2.3:o:hitachienergy:rtu560_firmware:13.8.1:::::::*`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:hitachienergy:rtu560:-:::::::*`

CVE-2026-1772 MEDIUM

Description

CVSS Metrics

Base Score: 5.3 (MEDIUM)

Base Score: 5.3 (MEDIUM)

Weaknesses

Affected Products

Affected Configurations

Operator: OR

Operator: OR

Operator: OR

Operator: OR

Operator: OR

Operator: OR

Operator: OR

Operator: OR

References