Description
Information exposure vulnerability in Hitachi Storage Navigator.

This issue affects Hitachi Virtual Storage Platform 5100, 5200, 5500, 5600, 5100H, 5200H, 5500H, 5600H, VX8: before DKCMAIN Ver. 90-09-24-00/00, SVP Ver. 90-09-24/00, before DKCMAIN Ver. 90-08-86-00/00, SVP Ver. 90-08-86/00; Hitachi Virtual Storage Platform G1000, G1500, F1500, VX7: before DKCMAIN Ver. 80-06-96-00/00, SVP Ver. 80-06-91/00.
Published: 2026-06-29
Score: 6.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An information exposure vulnerability exists in Hitachi Storage Navigator that allows unauthorized disclosure of sensitive data contained within the virtual storage platform. The flaw is tied to specific firmware and software versions, potentially permitting an attacker to access configuration details, authentication credentials, or other confidential information stored by the system. The weakness is categorized as CWE-522, indicating a failure to protect data at rest or during processing.

Affected Systems

Affected products include Hitachi Virtual Storage Platform lines 5100, 5200, 5500, 5600, 5100H, 5200H, 5500H, 5600H, and VX8 prior to DKCMAIN Ver. 90‑09‑24‑00/00 and SVP Ver. 90‑09‑24/00, as well as G1000, G1500, F1500, and VX7 before DKCMAIN Ver. 80‑06‑96‑00/00 and SVP Ver. 80‑06‑91/00.

Risk and Exploitability

The CVSS score of 6.8 indicates a moderate risk level, and no EPSS value is available, implying limited publicly known exploitation activity. The vulnerability is not listed in CISA’s KEV catalog, reducing the likelihood of widespread active attacks but still requiring timely mitigation. Based on the description, the attack vector is likely local or over a management interface, as the flaw involves exposure of data stored on the device and does not specify a remote code execution path.

Generated by OpenCVE AI on June 29, 2026 at 08:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Hitachi firmware updates that include the DKCMAIN and SVP patches for each affected model
  • Restrict access to Hitachi Storage Navigator management interfaces to trusted administrators through network segmentation and strong authentication
  • Regularly audit device configuration and stored data for confidentiality and ensure no sensitive information is exposed

Generated by OpenCVE AI on June 29, 2026 at 08:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 29 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Hitachi
Hitachi 5100
Hitachi 5100h
Hitachi 5200
Hitachi 5200h
Hitachi 5500
Hitachi 5500h
Hitachi 5600
Hitachi 5600h
Hitachi f1500
Hitachi g1000
Hitachi g1500
Hitachi vx7
Hitachi vx8
Vendors & Products Hitachi
Hitachi 5100
Hitachi 5100h
Hitachi 5200
Hitachi 5200h
Hitachi 5500
Hitachi 5500h
Hitachi 5600
Hitachi 5600h
Hitachi f1500
Hitachi g1000
Hitachi g1500
Hitachi vx7
Hitachi vx8

Mon, 29 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 29 Jun 2026 07:00:00 +0000

Type Values Removed Values Added
Description Information exposure vulnerability in Hitachi Storage Navigator. This issue affects Hitachi Virtual Storage Platform 5100, 5200, 5500, 5600, 5100H, 5200H, 5500H, 5600H, VX8: before DKCMAIN Ver. 90-09-24-00/00, SVP Ver. 90-09-24/00, before DKCMAIN Ver. 90-08-86-00/00, SVP Ver. 90-08-86/00; Hitachi Virtual Storage Platform G1000, G1500, F1500, VX7: before DKCMAIN Ver. 80-06-96-00/00, SVP Ver. 80-06-91/00.
Title Information exposure vulnerability in Hitachi Storage Navigator
Weaknesses CWE-522
References
Metrics cvssV3_1

{'score': 6.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Hitachi

Published:

Updated: 2026-06-29T12:36:33.277Z

Reserved: 2025-07-09T10:16:02.704Z

Link: CVE-2025-7386

cve-icon Vulnrichment

Updated: 2026-06-29T12:35:53.295Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-29T20:05:40Z

Weaknesses
  • CWE-522

    Insufficiently Protected Credentials