CVE-2026-2459 identifies a privilege-related vulnerability in Hitachi Energy's Relion REB500, version 8.0.0.0. The flaw arises from improper privilege definitions (CWE-267), where the Installer role, intended to have limited access, can access and alter directories outside its authorized permissions. This vulnerability allows an authenticated user with Installer privileges to escalate their access within the system, potentially modifying critical configuration or operational files. The CVSS 4.0 score of 7.4 (high) reflects the network attack vector (AV:N), low attack complexity (AC:L), and the requirement for privileged authentication (PR:H) but no user interaction (UI:N). The vulnerability impacts confidentiality and integrity severely (VC:H, VI:H), with no impact on availability or authentication bypass. The scope is limited to the Relion REB500 device, a protection relay used in electrical grid infrastructure, which is critical for power system stability and safety. No patches are currently listed, and no known exploits have been reported, but the potential for misuse in critical infrastructure environments is considerable. The vulnerability highlights the importance of strict privilege separation and access control enforcement in industrial control systems (ICS).

The vulnerability could allow an authenticated Installer role user to access and modify unauthorized directories, potentially leading to unauthorized changes in device configuration or operational parameters. This could compromise the integrity of the protection relay, leading to incorrect operation or failure to protect electrical grid components, risking power outages or equipment damage. Confidentiality breaches could expose sensitive operational data. Given the critical role of Relion REB500 in power grid protection, exploitation could have cascading effects on grid stability and safety. Organizations worldwide relying on Hitachi Energy's protection relays in their electrical infrastructure face risks of operational disruption, safety hazards, and regulatory non-compliance. The requirement for privileged authentication limits exposure but insider threats or compromised credentials could enable exploitation. The absence of known exploits reduces immediate risk but does not eliminate the threat, especially in targeted attacks against critical infrastructure.

1. Conduct immediate audits of user roles and permissions within Relion REB500 devices to ensure Installer role privileges are strictly necessary and minimized. 2. Implement network segmentation and access controls to restrict access to Relion REB500 devices only to trusted administrators and systems. 3. Monitor and log all activities performed by users with Installer roles to detect anomalous or unauthorized directory access attempts. 4. Apply any forthcoming patches or firmware updates from Hitachi Energy promptly once available. 5. Employ multi-factor authentication for all privileged accounts to reduce risk of credential compromise. 6. Consider deploying host-based intrusion detection systems (HIDS) on management networks to detect unauthorized file or directory modifications. 7. Develop and rehearse incident response plans specific to industrial control system compromises. 8. Engage with Hitachi Energy support for guidance and potential workarounds until official patches are released.