Severity by source
AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Reachable over iSCSI without authentication or user interaction (AV:N/AC:L/PR:N/UI:N); pure availability impact on the CHB extends to dependent host I/O, justifying S:C and A:H with C/I:N.
Primary rating from Vendor (Hitachi).
CVSS VectorVendor: Hitachi
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionCVE.org
DoS Vulnerability in 10G iSCSI Interface of Hitachi Virtual Storage Platform.
This issue affects Hitachi Virtual Storage Platform E990, E1090, E1090H: before DKCMAIN Ver.93-07-21-80/00-05, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-01-80/00-07, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-82-80/00-06, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-63-80/00-04, CHB(iSCSI) Ver.88-01-02-04; Hitachi Virtual Storage Platform E390, E590, E790, E390H, E590H, E790H: before DKCMAIN Ver.93-07-21-x0/00-05, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-01-x0/00-07, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-82-x0/00-06, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-63-x0/00-04, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-24-x0/00-02, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-02-x0/00-02, CHB(iSCSI) Ver.88-01-02-04; Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900: before DKCMAIN Ver.88-08-10-x0/00-05, CHB(iSCSI) Ver.88-01-02-04; Hitachi Virtual Storage Platform G100, G200, G400, G600, G800, F400, F600, F800: before DKCMAIN Ver.83-06-20-x0/00-05, CHB(iSCSI) Ver.83-01-01-29; Hitachi Virtual Storage Platform VX8, 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, 5600H: before DKCMAIN Ver.90-09-01-00/01-01, CHB(iSCSI) Ver.90-01-01-07, before DKCMAIN Ver.90-08-83-00/01-01, CHB(iSCSI) Ver.90-01-01-07, before DKCMAIN Ver.90-08-63-00/01-01, CHB(iSCSI) Ver.90-01-01-07; Hitachi Virtual Storage Platform VX7, G1000, G1500, F1500: before DKCMAIN Ver.80-06-93-00/00-04, ISFC Ver.80-01-17.
AnalysisAI
Remote denial-of-service in Hitachi Virtual Storage Platform (VSP) enterprise storage arrays allows unauthenticated network attackers to disrupt availability through the 10G iSCSI interface across a wide swath of VSP families including E-series, G/F-series, 5000-series, and legacy G1000/G1500/F1500 platforms. The flaw maps to CWE-770 (uncontrolled resource consumption) and carries a CVSS 3.1 base score of 8.6 with a scope-change indicator, meaning impact extends beyond the iSCSI front-end channel to dependent storage services. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Technical ContextAI
Hitachi VSP arrays are enterprise block-storage controllers that expose LUNs over Fibre Channel and iSCSI; the affected component is the CHB (Channel Board) handling 10GbE iSCSI plus the DKCMAIN microcode running on the storage controllers. CWE-770 (Allocation of Resources Without Limits or Throttling) on an iSCSI front-end typically means the iSCSI/TCP session-handling logic on the CHB does not bound connection state, PDU queues, or buffer allocations, so attacker-driven traffic can exhaust controller resources. Because iSCSI is a storage-fabric protocol, exhausting the CHB stalls host I/O for any LUNs reached through that path, which is reflected in the CVSS Scope:Changed flag - the vulnerable iSCSI control plane impacts the broader storage data plane authority.
RemediationAI
Apply the vendor-released microcode updates per the Hitachi advisory at https://www.hitachi.com/products/it/storage-solutions/sec_info/2026/2026_312.html, upgrading both the DKCMAIN package and the CHB(iSCSI) firmware on the channel boards to the fixed trains listed for your specific VSP family (for example, E990/E1090 to DKCMAIN 93-07-21-80/00-05 or later with CHB(iSCSI) 88-01-02-04; G130-G900/F350-F900 to DKCMAIN 88-08-10-x0/00-05 with CHB(iSCSI) 88-01-02-04; VSP 5000-series to DKCMAIN 90-09-01-00/01-01 with CHB(iSCSI) 90-01-01-07; VSP G1000/G1500/F1500 to DKCMAIN 80-06-93-00/00-04 with ISFC 80-01-17). Because microcode updates on enterprise storage are change-controlled and require maintenance windows, in the interim restrict reachability to the 10G iSCSI ports to only authorized initiator subnets via switch ACLs or VLAN segmentation, enforce iSCSI CHAP and disable any unused iSCSI target ports, and consider rate-limiting or stateful-inspection on the SAN fabric - accepting that aggressive ACLs may break legitimate initiator discovery and that disabling ports halts host I/O on those paths. If only some hosts use iSCSI, prefer migrating critical workloads to Fibre Channel paths until microcode can be applied.
Same technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-210286
GHSA-787q-6h24-h947