REB500: Unauthorized Directory Access and Modification

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.6

REB500: Unauthorized Directory Access and Modification

CVE-2026-2460

Summary

Authenticated users with low-level privileges can access and change files in directories they shouldn't be able to. This could allow unauthorized changes to sensitive data or disrupt system functionality. Update to the latest version of REB500 to fix this issue.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions	Fix available
hitachienergy	reb500_firmware	<= 8.3.3.1	–

Original title

A vulnerability exists in REB500 for an authenticated user with low-level privileges to access and alter the content of directories by using the DAC protocol that the user is not authorized to do so.

Original description

A vulnerability exists in REB500 for an authenticated user with low-level privileges to access and alter the content of directories by using the DAC protocol that the user is not authorized to do so.

nvd CVSS3.1 8.1

nvd CVSS4.0 7.6

Vulnerability type

CWE-267

https://publisher.hitachienergy.com/preview?DocumentID=8DBD000217&LanguageCode=e... Vendor Advisory

Published: 24 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026