Description
Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28.

This issue affects Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28: before DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00, before DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00, before DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00, before DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00, before DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00.
Published: 2026-05-07
Score: 8.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The CVE identifies a remote code execution flaw (CWE-94) in the Storage Navigator and maintenance console of Hitachi Virtual Storage Platform devices. While the description does not detail the exact cause, it is inferred that the flaw arises from improper handling of code execution requests, allowing an attacker to run arbitrary code on the affected systems. This leads to compromise of confidentiality, integrity, and availability, potentially giving full control over the devices.

Affected Systems

The vulnerability affects a broad range of Hitachi Virtual Storage Platform models, including G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H and One Block 23, One Block 24, One Block 26, One Block 28. All firmware versions prior to DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00, DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00, DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00, DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00, DKCMAIN Ver. A3-03-03-xx/00, and MPC Ver. A3-03-03-xx/00 are affected.

Risk and Exploitability

The CVSS score of 8.3 indicates high severity. An EPSS score is not available, and the absence of a KEV listing suggests the vulnerability is not yet widely used. The attack vector is inferred to be remote through the management interfaces, as the vulnerability affects the Storage Navigator and maintenance console; the exploit does not require local privileged access. Thus, an attacker who gains access to the console could execute arbitrary commands, leading to full takeover of the storage platform.

Generated by OpenCVE AI on May 7, 2026 at 10:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the affected Hitachi Virtual Storage Platform to a firmware version that is not among the affected versions listed above. The vendor provides updates that fix the code execution flaw; apply the latest patches available through the Hitachi support portal.
  • If an immediate upgrade is not possible, isolate the management network by restricting all non-essential inbound and outbound traffic to the Storage Navigator and maintenance console interfaces, thereby limiting exposure to malicious actors. This containment measure should be combined with network segmentation and strict access control policies.
  • Enable logging and monitoring of all management interface activity. Ensure that alerts are configured for anomalous command execution or failed authentication attempts to detect potential exploitation attempts in real time.

Generated by OpenCVE AI on May 7, 2026 at 10:20 UTC.

Advisories

No advisories yet.

History

Thu, 07 May 2026 14:15:00 +0000

Type: Metrics
Values Removed: (none)
Values Added: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 07 May 2026 08:30:00 +0000

Values Removed: (none)
Values Added:
Description: Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28. This issue affects Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28: before DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00, before DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00, before DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00, before DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00, before DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00.
Title: Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console
Weaknesses: CWE-94
References
Metrics: cvssV3_1 {'score': 8.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: Hitachi

Published:

Updated: 2026-05-07T13:40:00.385Z

Reserved: 2025-03-05T03:18:02.426Z

Link: CVE-2025-1978

Vulnrichment

Updated: 2026-05-07T13:39:57.516Z

NVD

Status: Awaiting Analysis

Published: 2026-05-07T09:16:26.017

Modified: 2026-05-07T15:15:06.770

Link: CVE-2025-1978

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-07T10:30:27Z
