Description
Lack of validation for firmware update in Hitachi Virtual Storage Platform One Block 23, 24, 26, 28.

This issue affects Hitachi Virtual Storage Platform One Block 23, 24, 26, 28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00.
Published: 2026-06-29
Score: 3.7 Low
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is caused by a lack of validation during firmware updates on Hitachi Virtual Storage Platform. Because the system does not verify the authenticity or integrity of firmware files, an attacker could replace legitimate firmware with a malicious one. This grants the attacker complete control over the storage device, enabling compromise of data confidentiality, integrity, and availability. The weakness maps to CWE-347: Improper Verification of Cryptographic Signature.

Affected Systems

Hitachi Virtual Storage Platform One Block 23, 24, 26, and 28 that are running firmware before DKCMAIN A3-04-21-40/00 or ESM A3-04-21/00 are affected. These versions lack the validation logic required for secure firmware upgrades.

Risk and Exploitability

The CVSS score of 3.7 indicates low severity. The EPSS score is below 1% (very low), and the vulnerability is not listed in CISA KEV. Based on the description, it is inferred that exploitation requires privileged or local access to the device's management interface or physical access. Those who can send update commands can install arbitrary firmware and gain full control of the system.

Generated by OpenCVE AI on June 29, 2026 at 08:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Hitachi firmware update that includes proper validation of firmware updates
  • Restrict access to the firmware update functionality through role‑based controls or network segmentation
  • Disable the firmware update service when it is not needed and monitor for attempts to upload firmware

Advisories

No advisories yet.

History

Mon, 29 Jun 2026 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Hitachi
Hitachi hitachi Virtual Storage Platform One Block 23
Hitachi hitachi Virtual Storage Platform One Block 24
Hitachi hitachi Virtual Storage Platform One Block 26
Hitachi hitachi Virtual Storage Platform One Block 28
Vendors & Products Hitachi
Hitachi hitachi Virtual Storage Platform One Block 23
Hitachi hitachi Virtual Storage Platform One Block 24
Hitachi hitachi Virtual Storage Platform One Block 26
Hitachi hitachi Virtual Storage Platform One Block 28

Mon, 29 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 29 Jun 2026 07:00:00 +0000

Type Values Removed Values Added
Description Lack of validation for firmware update in Hitachi Hitachi Virtual Storage Platform One Block 23, 24, 26, 28. This issue affects Hitachi Virtual Storage Platform One Block 23, 24, 26, 28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00.
Title lack of validation for firmware update in Hitachi Virtual Storage
Weaknesses CWE-347
References
Metrics cvssV3_1

{'score': 3.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: Hitachi

Published:

Updated: 2026-06-29T12:38:48.701Z

Reserved: 2025-01-29T07:25:51.664Z

Link: CVE-2025-0824

Vulnrichment

Updated: 2026-06-29T12:38:33.308Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-29T19:30:02Z

Weaknesses
  • CWE-347

    Improper Verification of Cryptographic Signature