Hitachi Virtual Storage Platform G130 G150 G350 G370 G700 G900 F350 F370 F700 F900
Monthly
Improper authorization in the Maintenance Utility of Hitachi Virtual Storage Platform (VSP) enterprise storage arrays allows an authenticated low-privileged user to perform actions beyond their authorization, undermining the integrity and availability of the storage controller. The flaw affects the VSP E-series, VSP 5000-series, and VSP G/F-series families running pre-fix DKCMAIN and GUM firmware, and was reported by Hitachi itself; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Remote denial-of-service in Hitachi Virtual Storage Platform (VSP) enterprise storage arrays allows unauthenticated network attackers to disrupt availability through the 10G iSCSI interface across a wide swath of VSP families including E-series, G/F-series, 5000-series, and legacy G1000/G1500/F1500 platforms. The flaw maps to CWE-770 (uncontrolled resource consumption) and carries a CVSS 3.1 base score of 8.6 with a scope-change indicator, meaning impact extends beyond the iSCSI front-end channel to dependent storage services. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Remote code execution in Hitachi Virtual Storage Platform G, F, E, and One Block series allows unauthenticated network attackers to execute arbitrary code on storage controllers and maintenance consoles with low impact across confidentiality, integrity, and availability due to changed scope (CVSS 8.3, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C). The vulnerability affects the Storage Navigator interface and maintenance console across multiple VSP product lines spanning enterprise and mid-range storage arrays. EPSS data not available; no evidence of active exploitation or public POC at time of analysis. Vendor-released patches available with specific firmware versions required for each product family.
Improper restriction of excessive authentication attempts in Hitachi Virtual Storage Platform series (G-series, F-series, E-series, and One Block models) allows unauthenticated remote attackers to conduct brute-force credential attacks and potentially obtain sensitive information through repeated authentication probes without rate-limiting or account lockout mechanisms. The vulnerability affects multiple firmware versions across 28 distinct storage array models and is remotely exploitable without authentication from the network.
Improper authorization in the Maintenance Utility of Hitachi Virtual Storage Platform (VSP) enterprise storage arrays allows an authenticated low-privileged user to perform actions beyond their authorization, undermining the integrity and availability of the storage controller. The flaw affects the VSP E-series, VSP 5000-series, and VSP G/F-series families running pre-fix DKCMAIN and GUM firmware, and was reported by Hitachi itself; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.
Remote denial-of-service in Hitachi Virtual Storage Platform (VSP) enterprise storage arrays allows unauthenticated network attackers to disrupt availability through the 10G iSCSI interface across a wide swath of VSP families including E-series, G/F-series, 5000-series, and legacy G1000/G1500/F1500 platforms. The flaw maps to CWE-770 (uncontrolled resource consumption) and carries a CVSS 3.1 base score of 8.6 with a scope-change indicator, meaning impact extends beyond the iSCSI front-end channel to dependent storage services. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Remote code execution in Hitachi Virtual Storage Platform G, F, E, and One Block series allows unauthenticated network attackers to execute arbitrary code on storage controllers and maintenance consoles with low impact across confidentiality, integrity, and availability due to changed scope (CVSS 8.3, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C). The vulnerability affects the Storage Navigator interface and maintenance console across multiple VSP product lines spanning enterprise and mid-range storage arrays. EPSS data not available; no evidence of active exploitation or public POC at time of analysis. Vendor-released patches available with specific firmware versions required for each product family.
Improper restriction of excessive authentication attempts in Hitachi Virtual Storage Platform series (G-series, F-series, E-series, and One Block models) allows unauthenticated remote attackers to conduct brute-force credential attacks and potentially obtain sensitive information through repeated authentication probes without rate-limiting or account lockout mechanisms. The vulnerability affects multiple firmware versions across 28 distinct storage array models and is remotely exploitable without authentication from the network.