Hitachi Virtual Storage Platform E390 E590 E790 E990 E1090 E390H E590H E790H E1090H
Monthly
Improper authorization in the Maintenance Utility of Hitachi Virtual Storage Platform (VSP) enterprise storage arrays allows an authenticated low-privileged user to perform actions beyond their authorization, undermining the integrity and availability of the storage controller. The flaw affects the VSP E-series, VSP 5000-series, and VSP G/F-series families running pre-fix DKCMAIN and GUM firmware, and was reported by Hitachi itself; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Remote code execution in Hitachi Virtual Storage Platform G, F, E, and One Block series allows unauthenticated network attackers to execute arbitrary code on storage controllers and maintenance consoles with low impact across confidentiality, integrity, and availability due to changed scope (CVSS 8.3, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C). The vulnerability affects the Storage Navigator interface and maintenance console across multiple VSP product lines spanning enterprise and mid-range storage arrays. EPSS data not available; no evidence of active exploitation or public POC at time of analysis. Vendor-released patches available with specific firmware versions required for each product family.
Improper restriction of excessive authentication attempts in Hitachi Virtual Storage Platform series (G-series, F-series, E-series, and One Block models) allows unauthenticated remote attackers to conduct brute-force credential attacks and potentially obtain sensitive information through repeated authentication probes without rate-limiting or account lockout mechanisms. The vulnerability affects multiple firmware versions across 28 distinct storage array models and is remotely exploitable without authentication from the network.
Improper authorization in the Maintenance Utility of Hitachi Virtual Storage Platform (VSP) enterprise storage arrays allows an authenticated low-privileged user to perform actions beyond their authorization, undermining the integrity and availability of the storage controller. The flaw affects the VSP E-series, VSP 5000-series, and VSP G/F-series families running pre-fix DKCMAIN and GUM firmware, and was reported by Hitachi itself; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Remote code execution in Hitachi Virtual Storage Platform G, F, E, and One Block series allows unauthenticated network attackers to execute arbitrary code on storage controllers and maintenance consoles with low impact across confidentiality, integrity, and availability due to changed scope (CVSS 8.3, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C). The vulnerability affects the Storage Navigator interface and maintenance console across multiple VSP product lines spanning enterprise and mid-range storage arrays. EPSS data not available; no evidence of active exploitation or public POC at time of analysis. Vendor-released patches available with specific firmware versions required for each product family.
Improper restriction of excessive authentication attempts in Hitachi Virtual Storage Platform series (G-series, F-series, E-series, and One Block models) allows unauthenticated remote attackers to conduct brute-force credential attacks and potentially obtain sensitive information through repeated authentication probes without rate-limiting or account lockout mechanisms. The vulnerability affects multiple firmware versions across 28 distinct storage array models and is remotely exploitable without authentication from the network.