Hitachi Latest Vulnerabilities

September 12

Pentaho Data Integration & Analytics Vulnerability: Database Passwords Disclosed

CVE-2024-28981
Hitachi | Pentaho Data Integrati... | 8.5 HIGH

August 27

Malicious Redirection Vulnerability

CVE-2024-7941
Hitachi | Microscada Sys600 | 6.1 MEDIUM

Unsecured Local Only Service Exposes All Network Interfaces Without Authentication

CVE-2024-7940
Hitachi | Microscada Sys600 | 9.8 CRITICAL

Attackers Could Exploit Session Hijacking of Already Established Sessions

CVE-2024-3982
Hitachi | Microscada Sys600 | 8.2 HIGH

Attacker can manipulate system files or sensitive data through setTimeout() calls

CVE-2024-3980
Hitachi | Microscada Sys600 | 8.8 HIGH

Risk of Injection Attacks Due to Lack of Persistent Data Validation

CVE-2024-4872
Hitachi | Microscada Sys600 | 9.8 CRITICAL

Hitachi Ops Center Common Services Authentication Bypass Vulnerability

CVE-2024-7125
Hitachi | Hitachi Ops Center Com... | 7.8 HIGH

August 6

Hitachi Tuning Manager Injection Vulnerability Allows Code Injection

CVE-2024-5828
Hitachi | Hitachi Tuning Manager | 8.6 HIGH

Unquoted Executable Path Vulnerability Affects Hitachi Device Manager on Windows

CVE-2024-5963
Hitachi | Hitachi Device Manager | 6.7 MEDIUM

July 2

Incorrect Default Permissions Could Lead to File Manipulation

CVE-2024-2819
Hitachi | Hitachi Ops Center Com... | 5.1 MEDIUM

Incorrect Default Permissions vulnerability affects Hitachi JP1/Extensible SNMP Agent for Windows

CVE-2024-4679
Hitachi | Jp1/extensible Snmp Ag... | 7.8 HIGH

June 25

Local Users Can Read and Write Specific Files Due to Incorrect Default Permissions

CVE-2024-22385
Hitachi | Hitachi Storage Provid... | 4.4 MEDIUM

June 11

Password Reuse Vulnerability in FOXMAN-UN/UNEM Application and Server Management

CVE-2024-28020
Hitachi | Foxman-un | 9.9 CRITICAL

Vulnerability in FOXMAN-UN/UNEM Exposes Sensitive Information to Unauthorized Access

CVE-2024-28024
Hitachi | Foxman-un | 4.1 MEDIUM

Arbitrary Authentication Attempts Vulnerability

CVE-2024-28022
Hitachi | Foxman-un | 5.6 MEDIUM

Unintended Actors May Access Sensitive Information or Execute Arbitrary Code via Vulnerability in Message Queueing Mechanism

CVE-2024-28023
Hitachi | Foxman-un | 5.7 MEDIUM

Vulnerability in FOXMAN-UN/UNEM Server Could Lead to Loss of Confidentiality and Integrity

CVE-2024-28021
Hitachi | Foxman-un | 7.4 HIGH

Heap-Based Buffer Overflow Vulnerability in FOXMAN-UN/UNEM Could Lead to Denial of Service or Arbitrary Code Execution

CVE-2024-2011
Hitachi | Foxman-un | 9.8 CRITICAL

Unintended Command Execution Vulnerability in FOXMAN UN/UNEM Server API Gateway

CVE-2024-2012
Hitachi | Foxman-un | 9.8 CRITICAL

Authentication Bypass Vulnerability Affects FOXMAN-UN/UNEM Server/API Gateway

CVE-2024-2013
Hitachi | Foxman-un | 10 CRITICAL

Attacker Could Access Hidden Files and Directories

CVE-2024-2461
Hitachi | Fox61x

CVE-2024-2462
Hitachi | Foxman-un

April 30

Web Authentication Component Vulnerability Could Lead to Privilege Escalation

CVE-2024-2378
Hitachi | Sdm600 | 8 HIGH

Bypass Secure Update Vulnerability in RTU500

CVE-2024-2617
Hitachi | Rtu500 Series Cmu Firm... | 7.2 HIGH

Potential Privilege Escalation Vulnerability in SDM600 HTTP Response Header Settings

CVE-2024-2377
Hitachi | Sdm600 | 7.6 HIGH

April 23

Hitachi Ops Center Analyzer Session Hijacking Vulnerability

CVE-2024-2493
Hitachi | Hitachi Ops Center Ana... | 7.5 HIGH

Insertion of Sensitive Information into Log File Vulnerability Affects Hitachi Ops Center Administrator

CVE-2023-6833
Hitachi | Hitachi Ops Center Adm... | 4.4 MEDIUM

March 27

Malicious Client Can Execute Arbitrary Code Remotely via LINQ Query

CVE-2024-2097
Hitachi | Mach Scm | 7.5 HIGH

Authenticated Remote Code Execution Vulnerability Affects SCM Server

CVE-2024-0400
Hitachi | Mach Scm | 7.5 HIGH

Stb-Language File Handling Vulnerability Affects RTU500 Series Products

CVE-2024-1532
Hitachi | Rtu500 Series Cmu Firm... | 6.8 MEDIUM

Vulnerability in stb-language file handling affects RTU500 series products

CVE-2024-1531
Hitachi | Rtu500 Series Cmu Firm... | 8.2 HIGH

Anomalous Authentication: Valid Username/No Password Combination for Batch Job Processing

CVE-2024-2244
Hitachi | Asset Suite Eam | 5.3 MEDIUM

March 25

Information Exposure Vulnerability in Hitachi Disk Array Systems

CVE-2022-36407
Hitachi | Hitachi Virtual Storag... | 9.9 CRITICAL

March 12

Insertion of Sensitive Information into Log File Vulnerability Affects Cosminexus Component Container

CVE-2023-6814
Hitachi | Cosminexus Component C... | 5.6 MEDIUM

February 28

Server Error Discloses Tomcat Version in Hitachi Vantara Pentaho Data Integration & Analytics Versions

CVE-2023-5617
Hitachi | Pentaho Data Integrati... | 5.3 MEDIUM

February 20

Hitachi Global Link Manager Injection Vulnerability Allows Code Injection

CVE-2024-0715
Hitachi | Hitachi Global Link Ma... | 7.6 HIGH

January 30

Directory and File Permission Vulnerability in Hitachi Storage Plug-in for VMware vCenter

CVE-2024-21840
Hitachi | Hitachi Storage Plug-i... | 7.1 HIGH

January 16

File and Directory Permission Vulnerability in Hitachi Tuning Manager

CVE-2023-6457
Hitachi | Hitachi Tuning Manager | 7.1 HIGH

Generation of Error Message Containing Sensitive Information Vulnerability in Hitachi Device Manager

CVE-2023-49107
Hitachi | Hitachi Device Manager | 7.5 HIGH

Missing Password Field Masking Vulnerability in Hitachi Device Manager

CVE-2023-49106
Hitachi | Hitachi Device Manager | 7.5 HIGH

January 4

CVE-2022-2081
Hitachi | Rtu500 Series Cmu Firm... | 7.5 HIGH

CVE-2022-3864
Hitachi | Relion 670/650/sam600-... | 4.5 MEDIUM

December 19

CVE-2023-1514
Hitachi | RTU500 Scripting Inter... | 7.4 HIGH

CVE-2023-6711
Hitachi | Rtu500 Series Cmu Firm... | 7.5 HIGH

December 14

CVE-2023-5769
Hitachi | RTU500 | 5.4 MEDIUM

December 12

Hitachi Vantara Pentaho Data Integration & Analytics - Improper Control of Resource Identifiers ('Resource Injection')

CVE-2023-3517
Hitachi | Pentaho Data Integrati... | 8.5 HIGH

December 11

System Management Unit (SMU) versions prior to 14.8.7825.01, used to manage Hitachi Vantara NAS products, are susceptible to unintended information disclosure via unprivileged access to SMU configuration backup data.

CVE-2023-6538
Hitachi | System Management Unit... | 👾 7.6 HIGH

December 5

System Management Unit (SMU) versions prior to 14.8.7825.01, used to manage Hitachi Vantara NAS products, are susceptible to unintended information disclosure via unprivileged access to HNAS configuration backup and diagnostic data.

CVE-2023-5808
Hitachi | System Management Unit... | 👾 7.6 HIGH

December 4

CVE-2023-5767
Hitachi | RTU500 | 6.1 MEDIUM

CVE-2023-5768
Hitachi | RTU500 series | 6.1 MEDIUM

December 1

CVE-2023-4518
Hitachi | Relion670 | 7.5 HIGH

November 1

CVE-2023-5516
Hitachi | eSOMS | 5.3 MEDIUM

CVE-2023-5514
Hitachi | eSOMS | 5.3 MEDIUM

CVE-2023-2622
Hitachi | MACH System Software | 4.3 MEDIUM

CVE-2023-5515
Hitachi | eSOMS | 5.3 MEDIUM

CVE-2023-2621
Hitachi | MACH System Software | 6.5 MEDIUM

October 3

Information Exposure Vulnerability in Hitachi Ops Center Administrator

CVE-2023-3335
Hitachi | Hitachi Ops Center Adm... | 5.5 MEDIUM

File and Directory Permission Vulnerability in JP1/Performance Management

CVE-2023-3440
Hitachi | JP1/Performance Manage... | 7.8 HIGH

DoS Vulnerability in Hitachi Ops Center Common Services

CVE-2023-3967
Hitachi | Hitachi Ops Center Com... | 5.3 MEDIUM

September 27

Hitachi Vantara Pentaho Business Analytics Server – Password Stored in a Recoverable Format

CVE-2023-2358
Hitachi | Pentaho Business Analy... | 4.3 MEDIUM

September 11

CVE-2023-4816
Hitachi | Asset Suite 9 | 8.8 HIGH

August 29

Insufficient Logging Vulnerability in HiRDB

CVE-2023-1995
Hitachi | Hirdb Server | 5.3 MEDIUM

August 23

Out-of-bounds Write Vulnerability in Hitachi EH-VIEW (KeypadDesigner)

CVE-2023-3495
Hitachi | Eh-view | 7.8 HIGH

Out-of-bounds Read Vulnerability in Hitachi EH-VIEW (Designer)

CVE-2023-39986
Hitachi | Eh-view | 7.8 HIGH

Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability in Hitachi EH-VIEW (KeypadDesigner)

CVE-2023-39984
Hitachi | EH-VIEW | 7.8 HIGH

Out-of-bounds Write Vulnerability in Hitachi EH-VIEW (Designer)

CVE-2023-39985
Hitachi | EH-VIEW | 7.8 HIGH

July 26

CVE-2022-4608
Hitachi | Rtu500 Series | 7.5 HIGH

CVE-2022-2502
Hitachi | Rtu500 Series | 7.5 HIGH

July 18

Cleartext Transmission Vulnerability in Hitachi Device Manager

CVE-2023-34142
Hitachi | Hitachi Device Manager | 7.5 HIGH

Improper Validation of Certificate Vulnerability in Hitachi Device Manager

CVE-2023-34143
Hitachi | Hitachi Device Manager | 8.1 HIGH

EL Injection Vulnerability in Hitachi Replication Manager

CVE-2022-4146
Hitachi | Hitachi Replication Ma... | 7.3 HIGH

File and Directory Permission Vulnerability in Hitachi Command Suite

CVE-2020-36695
Hitachi | Hitachi Device Manager | 6.6 MEDIUM

June 28

CVE-2023-2625
Hitachi | TXpert Hub CoreTec 4 | 8 HIGH

May 30

CVE-2023-1711
Hitachi | FOXMAN-UN | 4.4 MEDIUM

May 24

Hitachi Vantara Pentaho Business Analytics Server - Incorrect Authorization

CVE-2023-1158
Hitachi | Pentaho Business Analy... | 4.3 MEDIUM

Hitachi Vantara Pentaho Business Analytics Server - Deserialization of Untrusted Data

CVE-2022-4815
Hitachi | Pentaho Business Analy... | 8 HIGH

May 23

Reflected Cross Site Scripting Vulnerability in Hitachi Ops Center Analyzer

CVE-2023-30469
Hitachi | Hitachi Ops Center Ana... | 6.1 MEDIUM

April 11

Hitachi Vantara Pentaho Business Analytics Server - Incorrect Authorization

CVE-2022-43770
Hitachi | Pentaho Business Analy... | 5.4 MEDIUM

Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation

CVE-2022-3695
Hitachi | Pentaho Business Analy... | 6.5 MEDIUM

April 3

Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-4771
Hitachi | Pentaho Business Analy... | 5.4 MEDIUM

Hitachi Vantara Pentaho Business Analytics Server - Generation of Error Message Containing Sensitive Information

CVE-2022-4770
Hitachi | Pentaho Business Analy... | 4.3 MEDIUM

Hitachi Vantara Pentaho Business Analytics Server - Generation of Error Message Containing Sensitive Information

CVE-2022-4769
Hitachi | Pentaho Business Analy... | 4.3 MEDIUM

Hitachi Vantara Pentaho Business Analytics Server - Insertion of Sensitive Information into Log File

CVE-2022-43772
Hitachi | Pentaho Business Analy... | 3.8 LOW

Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')

CVE-2022-3960
Hitachi | Pentaho Business Analy... | 6.3 MEDIUM

Hitachi Vantara Pentaho Business Analytics Server - Improper Restriction of XML External Entity Reference

CVE-2022-43941
Hitachi | Pentaho Business Analy... | 7.1 HIGH

Hitachi Vantara Pentaho Business Analytics Server - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2022-43771
Hitachi | Pentaho Business Analy... | 6.5 MEDIUM

Hitachi Vantara Pentaho Business Analytics Server - Incorrect Authorization

CVE-2022-43940
Hitachi | Pentaho Business Analy... | 8.8 HIGH

Hitachi Vantara Pentaho Business Analytics Server - Use of Non-Canonical URL Paths for Authorization Decisions

CVE-2022-43939
Hitachi | Pentaho Business Analy... | 8.6 HIGH

Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')

CVE-2022-43938
Hitachi | Pentaho Business Analy... | 8.8 HIGH

Hitachi Vantara Pentaho Business Analytics Server - Incorrect Permission Assignment for Critical Resource

CVE-2022-43773
Hitachi | Pentaho Business Analy... | 8.8 HIGH

Hitachi Vantara Pentaho Business Analytics Server - Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)

CVE-2022-43769
Hitachi | Pentaho Business Analy... | 8.8 HIGH

March 28

SDM600 software privilege level

CVE-2022-3685
Hitachi | Sdm600 | 7.5 HIGH

SDM600 API permission check

CVE-2022-3686
Hitachi | Sdm600 | 4.8 MEDIUM

SDM600 endpoint vulnerability

CVE-2022-3684
Hitachi | Sdm600 | 7.5 HIGH

SDM600 API web services authorization validation

CVE-2022-3683
Hitachi | Sdm600 | 7.7 HIGH

SDM600 file permission validation

CVE-2022-3682
Hitachi | Sdm600 | 9.9 CRITICAL

February 28

File and Directory Permissions Vulnerability in Hitachi Automation Director, Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center

CVE-2020-36652
Hitachi | Hitachi Automation Dir... | 6.6 MEDIUM

Man-in-the-middle attack Vulnerability in Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center Analyzer

CVE-2022-4895
Hitachi | Hitachi Infrastructure... | 8.6 HIGH

Directory Permission Vulnerability in Hitachi Ops Center Analyzer

CVE-2022-3884
Hitachi | Hitachi Ops Center Ana... | 7.3 HIGH

February 21

IEC 61850 MMS-Server Vulnerability in multiple Hitachi Energy Products

CVE-2022-3353
Hitachi | Fox61x Tego1 | 5.9 MEDIUM