Skip to main content

Hitachi Virtual Storage Platform E390 E590 E790 E990 E1090 E390H E590H E790H E1090H

3 CVEs product

Monthly

CVE-2025-2902 HIGH This Week

Improper authorization in the Maintenance Utility of Hitachi Virtual Storage Platform (VSP) enterprise storage arrays allows an authenticated low-privileged user to perform actions beyond their authorization, undermining the integrity and availability of the storage controller. The flaw affects the VSP E-series, VSP 5000-series, and VSP G/F-series families running pre-fix DKCMAIN and GUM firmware, and was reported by Hitachi itself; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Authentication Bypass Hitachi Virtual Storage Platform E390 E590 E790 E990 E1090 E390H E590H E790H E1090H Hitachi Virtual Storage Platform 5100 5500 5100H 5500H 5200 5600 5200H 5600H Hitachi Virtual Storage Platform G130 G150 G350 G370 G700 G900 F350 F370 F700 F900
NVD VulDB
CVSS 3.1
8.3
EPSS
0.2%
CVE-2025-1978 HIGH This Week

Remote code execution in Hitachi Virtual Storage Platform G, F, E, and One Block series allows unauthenticated network attackers to execute arbitrary code on storage controllers and maintenance consoles with low impact across confidentiality, integrity, and availability due to changed scope (CVSS 8.3, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C). The vulnerability affects the Storage Navigator interface and maintenance console across multiple VSP product lines spanning enterprise and mid-range storage arrays. EPSS data not available; no evidence of active exploitation or public POC at time of analysis. Vendor-released patches available with specific firmware versions required for each product family.

Code Injection RCE Hitachi Virtual Storage Platform G130 G150 G350 G370 G700 G900 F350 F370 F700 F900 Hitachi Virtual Storage Platform E390 E590 E790 E990 E1090 E390H E590H E790H E1090H Hitachi Virtual Storage Platform One Block 23 One Block 24 One Block 26 One Block 28
NVD VulDB
CVSS 3.1
8.3
EPSS
0.2%
CVE-2025-2514 MEDIUM This Month

Improper restriction of excessive authentication attempts in Hitachi Virtual Storage Platform series (G-series, F-series, E-series, and One Block models) allows unauthenticated remote attackers to conduct brute-force credential attacks and potentially obtain sensitive information through repeated authentication probes without rate-limiting or account lockout mechanisms. The vulnerability affects multiple firmware versions across 28 distinct storage array models and is remotely exploitable without authentication from the network.

Information Disclosure Hitachi Virtual Storage Platform G130 G150 G350 G370 G700 G900 F350 F370 F700 F900 Hitachi Virtual Storage Platform E390 E590 E790 E990 E1090 E390H E590H E790H E1090H Hitachi Virtual Storage Platform One Block 23 One Block 24 One Block 26 One Block 28
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
EPSS 0% CVSS 8.3
HIGH This Week

Improper authorization in the Maintenance Utility of Hitachi Virtual Storage Platform (VSP) enterprise storage arrays allows an authenticated low-privileged user to perform actions beyond their authorization, undermining the integrity and availability of the storage controller. The flaw affects the VSP E-series, VSP 5000-series, and VSP G/F-series families running pre-fix DKCMAIN and GUM firmware, and was reported by Hitachi itself; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Authentication Bypass Hitachi Virtual Storage Platform E390 E590 E790 E990 E1090 E390H E590H E790H E1090H Hitachi Virtual Storage Platform 5100 5500 5100H 5500H 5200 5600 5200H 5600H +1
NVD VulDB
EPSS 0% CVSS 8.3
HIGH This Week

Remote code execution in Hitachi Virtual Storage Platform G, F, E, and One Block series allows unauthenticated network attackers to execute arbitrary code on storage controllers and maintenance consoles with low impact across confidentiality, integrity, and availability due to changed scope (CVSS 8.3, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C). The vulnerability affects the Storage Navigator interface and maintenance console across multiple VSP product lines spanning enterprise and mid-range storage arrays. EPSS data not available; no evidence of active exploitation or public POC at time of analysis. Vendor-released patches available with specific firmware versions required for each product family.

Code Injection RCE Hitachi Virtual Storage Platform G130 G150 G350 G370 G700 G900 F350 F370 F700 F900 +2
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

Improper restriction of excessive authentication attempts in Hitachi Virtual Storage Platform series (G-series, F-series, E-series, and One Block models) allows unauthenticated remote attackers to conduct brute-force credential attacks and potentially obtain sensitive information through repeated authentication probes without rate-limiting or account lockout mechanisms. The vulnerability affects multiple firmware versions across 28 distinct storage array models and is remotely exploitable without authentication from the network.

Information Disclosure Hitachi Virtual Storage Platform G130 G150 G350 G370 G700 G900 F350 F370 F700 F900 Hitachi Virtual Storage Platform E390 E590 E790 E990 E1090 E390H E590H E790H E1090H +1
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy