Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
RTU500: Unprivileged users can access user management data
CVE-2026-1772
Summary
The RTU500 web interface has a security issue that allows unauthorized users to view sensitive user information, such as usernames and settings, if they use special browser tools. This information is not supposed to be accessible through the normal web interface. Affected users should update their RTU500 software to the latest version to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| hitachienergy | rtu520_firmware | > 12.7.1 , <= 12.7.7 | – |
| hitachienergy | rtu520_firmware | > 13.5.1 , <= 13.5.4 | – |
| hitachienergy | rtu520_firmware | > 13.6.1 , <= 13.6.2 | – |
| hitachienergy | rtu520_firmware | > 13.7.1 , <= 13.7.8 | – |
| hitachienergy | rtu520_firmware | 13.8.1 | – |
| hitachienergy | rtu530_firmware | > 12.7.1 , <= 12.7.7 | – |
| hitachienergy | rtu530_firmware | > 13.5.1 , <= 13.5.4 | – |
| hitachienergy | rtu530_firmware | > 13.6.1 , <= 13.6.2 | – |
| hitachienergy | rtu530_firmware | > 13.7.1 , <= 13.7.8 | – |
| hitachienergy | rtu530_firmware | 13.8.1 | – |
| hitachienergy | rtu540_firmware | > 12.7.1 , <= 12.7.7 | – |
| hitachienergy | rtu540_firmware | > 13.5.1 , <= 13.5.4 | – |
| hitachienergy | rtu540_firmware | > 13.6.1 , <= 13.6.2 | – |
| hitachienergy | rtu540_firmware | > 13.7.1 , <= 13.7.8 | – |
| hitachienergy | rtu540_firmware | 13.8.1 | – |
| hitachienergy | rtu560_firmware | > 12.7.1 , <= 12.7.7 | – |
| hitachienergy | rtu560_firmware | > 13.5.1 , <= 13.5.4 | – |
| hitachienergy | rtu560_firmware | > 13.6.1 , <= 13.6.2 | – |
| hitachienergy | rtu560_firmware | > 13.7.1 , <= 13.7.8 | – |
| hitachienergy | rtu560_firmware | 13.8.1 | – |
Original title
RTU500 web interface: An unprivileged user can read user management information. The information cannot be accessed via the RTU500 web user interface but requires further tools like browser develop...
Original description
RTU500 web interface: An unprivileged user can read user management information. The information cannot be accessed via the RTU500 web user interface but requires further tools like browser development utilities to access them without required privileges.
nvd CVSS3.1
5.3
nvd CVSS4.0
5.3
Vulnerability type
CWE-280
Published: 24 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026