IM
IronMonkey Threat Research
‹ Back to ICS Advisories

Hitachi Energy PROMOD V

HIGH
CVSS 7.1
Date 2026-07-07T06:00:00+00:00
Source cisa-csaf
Published by CISA

// Description

Hitachi Energy is aware of insecure HTTP transmission vulnerability in PROMOD V product versions listed in this document. This vulnerability could allow attackers to intercept or manipulate sensitive data in transit, potentially leading to credential theft, session hijacking, or unauthorized access.

// Vulnerabilities (1)

CVE ID CVSS Score Severity Description
CVE-2026-10763 7.1 high
CVE-2026-10763. PROMOD V is using insecure HTTP communication instead of HTTPS. The vulnerability is due to the lack of HTTPS support from 3rd party Digipede server.

// Remediations (2)

Patch: Upgrade to version 1.0.11 and enable HTTPS on Digipede server. [2] Refer to “1.0.11 PROMOD V User Gu
Upgrade to version 1.0.11 and enable HTTPS on Digipede server. [2] Refer to “1.0.11 PROMOD V User Guide”, Section 2 Essential Skills->Running PROMOD V->Digipede Grid. Alternatively, refer to the same section in the online help contained in the application.
Mitigation: Apply general mitigation factors
Apply general mitigation factors

// References