CVE-2026-1772: CWE-280 Improper Handling of Insufficient Permissions or Privileges in Hitachi Energy RTU500 series CMU firmware
RTU500 web interface: An unprivileged user can read user management information. The information cannot be accessed via the RTU500 web user interface but requires further tools like browser development utilities to access them without required privileges.
AI Analysis
Technical Summary
CVE-2026-1772 is an improper authentication vulnerability (CWE-287) identified in the firmware of Hitachi Energy's RTU500 series Communication Management Units (CMUs). The vulnerability exists in the web interface of the RTU500 devices, where an unprivileged user can retrieve sensitive user management information that should be restricted. Although the RTU500 web interface does not openly expose this data, it can be accessed using browser developer tools or similar methods, effectively bypassing the intended privilege restrictions. This flaw affects multiple firmware versions, specifically 12.7.1, 13.5.1, 13.6.1, 13.7.1, and 13.8.1. The vulnerability is remotely exploitable without requiring authentication or user interaction, increasing its risk profile. The CVSS 4.0 base score is 5.3, reflecting medium severity, with network attack vector, low attack complexity, no privileges required, and no user interaction needed. The impact is limited to confidentiality, as the vulnerability allows reading user management information but does not permit modification or control of the device. No patches or exploits are currently publicly available, but the exposure of user management data could aid attackers in crafting further attacks or gaining unauthorized access. Given the critical role of RTU500 devices in energy and industrial control systems, this vulnerability poses a risk to operational security and should be addressed promptly.
Potential Impact
The primary impact of CVE-2026-1772 is the unauthorized disclosure of user management information from RTU500 CMU devices. This information leakage can facilitate reconnaissance by attackers, enabling them to identify valid user accounts, roles, or configurations that could be leveraged in subsequent attacks such as privilege escalation or unauthorized access. Although direct control or disruption of the device is not possible through this vulnerability alone, the exposure of sensitive user data undermines the confidentiality and potentially the integrity of the system. For organizations operating critical infrastructure, such as electric utilities or industrial control environments, this could increase the risk of targeted attacks against supervisory control and data acquisition (SCADA) systems. The vulnerability's remote exploitability without authentication and user interaction means attackers can attempt exploitation over the network with relative ease, increasing the threat surface. While no known exploits are currently active in the wild, the medium severity rating and the critical nature of affected systems warrant immediate attention to prevent potential compromise or lateral movement within networks.
Mitigation Recommendations
To mitigate CVE-2026-1772, organizations should take the following specific actions:
1) Apply firmware updates as soon as Hitachi Energy releases patches addressing this vulnerability; monitor vendor advisories closely.
2) Restrict network access to RTU500 web interfaces by implementing strict firewall rules and network segmentation, limiting access only to trusted management stations.
3) Employ strong authentication and authorization controls on management interfaces, including multi-factor authentication where possible, to reduce the risk of unauthorized access.
4) Monitor network traffic and device logs for unusual access patterns or attempts to use browser developer tools or other methods to extract sensitive information.
5) Conduct regular security assessments and penetration testing focused on web interface security to identify similar weaknesses.
6) Educate operational technology (OT) personnel about the risks of exposing management interfaces and the importance of secure configuration.
7) Consider deploying web application firewalls (WAFs) or intrusion detection/prevention systems (IDS/IPS) that can detect and block attempts to exploit this vulnerability.
These measures, combined with prompt patching, will reduce the likelihood of successful exploitation and limit exposure of sensitive user management data.
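The log monitoring in action 4 can be approximated by reviewing web access logs for reads of user-management resources by accounts that lack that privilege. This is an added example, not code from Hitachi Energy or from this page; the proxy log format, the `/placeholder/...` paths and the account names are constructed assumptions, since the page does not name the affected endpoints.

```python
import re
from urllib.parse import unquote, urlsplit

# Hypothetical values: the page does not name the affected endpoints or accounts.
USER_MGMT_PREFIXES = ("/placeholder/user-management",)
PRIVILEGED_USERS = {"rtu_admin"}

# Constructed proxy log format: ip user [time] "METHOD target HTTP/x" status bytes
LINE_RE = re.compile(
    r'^(?P<ip>\S+) (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?:\d+|-)$'
)

# Constructed sample lines, not taken from a real device.
SAMPLE_LOG = """\
10.20.0.5 rtu_admin [24/Feb/2026:13:01:10 +0000] "GET /placeholder/user-management/list HTTP/1.1" 200 812
10.20.0.9 operator1 [24/Feb/2026:13:02:44 +0000] "GET /placeholder/status HTTP/1.1" 200 1502
10.20.0.9 operator1 [24/Feb/2026:13:02:51 +0000] "GET /placeholder/user-management/list HTTP/1.1" 200 812
10.20.0.77 - [24/Feb/2026:13:05:02 +0000] "GET /placeholder/%75ser-management/list?x=1 HTTP/1.1" 403 0
garbage line that does not parse
"""


def find_unprivileged_reads(log_text):
    """Return requests for user-management paths made by non-privileged users."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable lines are skipped, not treated as clean
        # Decode and lower-case so %-encoding or case changes do not hide the path.
        path = unquote(urlsplit(m["target"]).path).lower()
        if not path.startswith(USER_MGMT_PREFIXES) or m["user"] in PRIVILEGED_USERS:
            continue
        findings.append({
            "line": lineno,
            "ip": m["ip"],
            "user": m["user"],
            # A 2xx answer means the data was actually returned to the caller.
            "outcome": "disclosed" if m["status"].startswith("2") else "attempt",
        })
    return findings


if __name__ == "__main__":
    for finding in find_unprivileged_reads(SAMPLE_LOG):
        print(finding)
```

A `disclosed` finding is the case the advisory describes: the interface hides the data, but the server still returns it to a caller without the required privilege.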
Affected Countries
United States, Germany, Japan, France, United Kingdom, Canada, Australia, South Korea, Italy, Spain
Technical Details
- Data Version: 5.2
- Assigner Short Name: Hitachi Energy
- Date Reserved: 2026-02-02T16:28:53.742Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 699da85ebe58cf853bd6362f
Added to database: 2/24/2026, 1:32:14 PM
Last enriched: 2/24/2026, 1:48:12 PM
Last updated: 2/25/2026, 12:13:13 AM