Description
Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28.

This issue affects Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28  : before DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00, before DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00, before DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00, before DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00, before DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00.
Published: 2026-05-07
Score: 8.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The CVE identifies a remote code execution flaw (CWE-94) in the Storage Navigator and maintenance console of Hitachi Virtual Storage Platform devices. While the description does not detail the exact cause, it is inferred that the flaw arises from improper handling of code execution requests, allowing an attacker to run arbitrary code on the affected systems. This leads to compromise of confidentiality, integrity, and availability, potentially giving full control over the devices.

Affected Systems

The vulnerability affects a broad range of Hitachi Virtual Storage Platform models, including G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H and One Block 23, One Block 24, One Block 26, One Block 28. All firmware versions prior to DKCMAIN Ver. 88‑08‑16‑xx/00, SVP Ver. 88‑08‑18‑xx/00, DKCMAIN Ver. 93‑07‑26‑xx/00, SVP Ver. 93‑07‑26‑xx/00, DKCMAIN Ver. A3‑04‑02‑xx/00, MPC Ver. A3‑04‑02‑xx/00, DKCMAIN Ver. A3‑03‑41‑xx/00, MPC Ver. A3‑03‑41‑xx/00, DKCMAIN Ver. A3‑03‑03‑xx/00, and MPC Ver. A3‑03‑03‑xx/00 are affected.

Risk and Exploitability

The CVSS score of 8.3 indicates high severity. An EPSS score is not available, and the absence of a KEV listing suggests the vulnerability is not yet widely used. The attack vector is inferred to be remote through the management interfaces, as the vulnerability affects the Storage Navigator and maintenance console; the exploit does not require local privileged access. Thus, an attacker who gains access to the console could execute arbitrary commands, leading to full takeover of the storage platform.

Generated by OpenCVE AI on May 7, 2026 at 10:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the affected Hitachi Virtual Storage Platform to a firmware version that is not listed among the affected pre‑release versions. The vendor provides updates that fix the code execution flaw; apply the latest patches available through the Hitachi support portal.
  • If an immediate upgrade is not possible, isolate the management network by restricting all non‑essential inbound and outbound traffic to the Storage Navigator and maintenance console interfaces, thereby limiting exposure to malicious actors. This containment measure should be combined with network segmentation and strict access control policies.
  • Enable logging and monitoring of all management interface activity. Ensure that alerts are configured for anomalous command execution or failed authentication attempts to detect potential exploitation attempts in real time.

Generated by OpenCVE AI on May 7, 2026 at 10:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 13 May 2026 19:30:00 +0000

Type Values Removed Values Added
First Time appeared Hitachi
Hitachi virtual Storage One Block
Hitachi vsp E1090
Hitachi vsp E1090 Firmware
Hitachi vsp E1090h
Hitachi vsp E1090h Firmware
Hitachi vsp E390
Hitachi vsp E390 Firmware
Hitachi vsp E390h
Hitachi vsp E390h Firmware
Hitachi vsp E590
Hitachi vsp E590 Firmware
Hitachi vsp E590h
Hitachi vsp E590h Firmware
Hitachi vsp E790
Hitachi vsp E790 Firmware
Hitachi vsp E790h
Hitachi vsp E790h Firmware
Hitachi vsp E990
Hitachi vsp E990 Firmware
Hitachi vsp F350
Hitachi vsp F350 Firmware
Hitachi vsp F370
Hitachi vsp F370 Firmware
Hitachi vsp F700
Hitachi vsp F700 Firmware
Hitachi vsp F900
Hitachi vsp F900 Firmware
Hitachi vsp G130
Hitachi vsp G130 Firmware
Hitachi vsp G150
Hitachi vsp G150 Firmware
Hitachi vsp G350
Hitachi vsp G350 Firmware
Hitachi vsp G370
Hitachi vsp G370 Firmware
Hitachi vsp G700
Hitachi vsp G700 Firmware
Hitachi vsp G900
Hitachi vsp G900 Firmware
CPEs cpe:2.3:a:hitachi:virtual_storage_one_block:23:*:*:*:*:*:*:*
cpe:2.3:a:hitachi:virtual_storage_one_block:24:*:*:*:*:*:*:*
cpe:2.3:a:hitachi:virtual_storage_one_block:26:*:*:*:*:*:*:*
cpe:2.3:a:hitachi:virtual_storage_one_block:28:*:*:*:*:*:*:*
cpe:2.3:h:hitachi:vsp_e1090:-:*:*:*:*:*:*:*
cpe:2.3:h:hitachi:vsp_e1090h:-:*:*:*:*:*:*:*
cpe:2.3:h:hitachi:vsp_e390:-:*:*:*:*:*:*:*
cpe:2.3:h:hitachi:vsp_e390h:-:*:*:*:*:*:*:*
cpe:2.3:h:hitachi:vsp_e590:-:*:*:*:*:*:*:*
cpe:2.3:h:hitachi:vsp_e590h:-:*:*:*:*:*:*:*
cpe:2.3:h:hitachi:vsp_e790:-:*:*:*:*:*:*:*
cpe:2.3:h:hitachi:vsp_e790h:-:*:*:*:*:*:*:*
cpe:2.3:h:hitachi:vsp_e990:-:*:*:*:*:*:*:*
cpe:2.3:h:hitachi:vsp_f350:-:*:*:*:*:*:*:*
cpe:2.3:h:hitachi:vsp_f370:-:*:*:*:*:*:*:*
cpe:2.3:h:hitachi:vsp_f700:-:*:*:*:*:*:*:*
cpe:2.3:h:hitachi:vsp_f900:-:*:*:*:*:*:*:*
cpe:2.3:h:hitachi:vsp_g130:-:*:*:*:*:*:*:*
cpe:2.3:h:hitachi:vsp_g150:-:*:*:*:*:*:*:*
cpe:2.3:h:hitachi:vsp_g350:-:*:*:*:*:*:*:*
cpe:2.3:h:hitachi:vsp_g370:-:*:*:*:*:*:*:*
cpe:2.3:h:hitachi:vsp_g700:-:*:*:*:*:*:*:*
cpe:2.3:h:hitachi:vsp_g900:-:*:*:*:*:*:*:*
cpe:2.3:o:hitachi:vsp_e1090_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:hitachi:vsp_e1090h_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:hitachi:vsp_e390_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:hitachi:vsp_e390h_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:hitachi:vsp_e590_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:hitachi:vsp_e590h_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:hitachi:vsp_e790_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:hitachi:vsp_e790h_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:hitachi:vsp_e990_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:hitachi:vsp_f350_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:hitachi:vsp_f370_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:hitachi:vsp_f700_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:hitachi:vsp_f900_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:hitachi:vsp_g130_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:hitachi:vsp_g150_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:hitachi:vsp_g350_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:hitachi:vsp_g370_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:hitachi:vsp_g700_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:hitachi:vsp_g900_firmware:-:*:*:*:*:*:*:*
Vendors & Products Hitachi
Hitachi virtual Storage One Block
Hitachi vsp E1090
Hitachi vsp E1090 Firmware
Hitachi vsp E1090h
Hitachi vsp E1090h Firmware
Hitachi vsp E390
Hitachi vsp E390 Firmware
Hitachi vsp E390h
Hitachi vsp E390h Firmware
Hitachi vsp E590
Hitachi vsp E590 Firmware
Hitachi vsp E590h
Hitachi vsp E590h Firmware
Hitachi vsp E790
Hitachi vsp E790 Firmware
Hitachi vsp E790h
Hitachi vsp E790h Firmware
Hitachi vsp E990
Hitachi vsp E990 Firmware
Hitachi vsp F350
Hitachi vsp F350 Firmware
Hitachi vsp F370
Hitachi vsp F370 Firmware
Hitachi vsp F700
Hitachi vsp F700 Firmware
Hitachi vsp F900
Hitachi vsp F900 Firmware
Hitachi vsp G130
Hitachi vsp G130 Firmware
Hitachi vsp G150
Hitachi vsp G150 Firmware
Hitachi vsp G350
Hitachi vsp G350 Firmware
Hitachi vsp G370
Hitachi vsp G370 Firmware
Hitachi vsp G700
Hitachi vsp G700 Firmware
Hitachi vsp G900
Hitachi vsp G900 Firmware

Thu, 07 May 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 07 May 2026 08:30:00 +0000

Type Values Removed Values Added
Description Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28. This issue affects Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28  : before DKCMAIN Ver. 88-08-16-xx/00, SVP Ver. 88-08-18-xx/00, before DKCMAIN Ver. 93-07-26-xx/00, SVP Ver. 93-07-26-xx/00, before DKCMAIN Ver. A3-04-02-xx/00, MPC Ver. A3-04-02-xx/00, before DKCMAIN Ver. A3-03-41-xx/00, MPC Ver. A3-03-41-xx/00, before DKCMAIN Ver. A3-03-03-xx/00, MPC Ver. A3-03-03-xx/00.
Title Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console
Weaknesses CWE-94
References
Metrics cvssV3_1

{'score': 8.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L'}

Subscriptions

Hitachi Virtual Storage One Block Vsp E1090 Vsp E1090 Firmware Vsp E1090h Vsp E1090h Firmware Vsp E390 Vsp E390 Firmware Vsp E390h Vsp E390h Firmware Vsp E590 Vsp E590 Firmware Vsp E590h Vsp E590h Firmware Vsp E790 Vsp E790 Firmware Vsp E790h Vsp E790h Firmware Vsp E990 Vsp E990 Firmware Vsp F350 Vsp F350 Firmware Vsp F370 Vsp F370 Firmware Vsp F700 Vsp F700 Firmware Vsp F900 Vsp F900 Firmware Vsp G130 Vsp G130 Firmware Vsp G150 Vsp G150 Firmware Vsp G350 Vsp G350 Firmware Vsp G370 Vsp G370 Firmware Vsp G700 Vsp G700 Firmware Vsp G900 Vsp G900 Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: Hitachi

Published:

Updated: 2026-05-07T13:40:00.385Z

Reserved: 2025-03-05T03:18:02.426Z

Link: CVE-2025-1978

cve-icon Vulnrichment

Updated: 2026-05-07T13:39:57.516Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-07T09:16:26.017

Modified: 2026-05-13T19:15:52.813

Link: CVE-2025-1978

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-07T10:30:27Z

Weaknesses