Description
DoS Vulnerability in 10G iSCSI Interface of Hitachi Virtual Storage Platform.



This issue affects Hitachi Virtual Storage Platform E990, E1090, E1090H: before DKCMAIN Ver.93-07-21-80/00-05, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-01-80/00-07, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-82-80/00-06, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-63-80/00-04, CHB(iSCSI) Ver.88-01-02-04; Hitachi Virtual Storage Platform E390, E590, E790, E390H, E590H, E790H: before DKCMAIN Ver.93-07-21-x0/00-05, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-01-x0/00-07, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-82-x0/00-06, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-63-x0/00-04, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-24-x0/00-02, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-02-x0/00-02, CHB(iSCSI) Ver.88-01-02-04; Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900: before DKCMAIN Ver.88-08-10-x0/00-05, CHB(iSCSI) Ver.88-01-02-04; Hitachi Virtual Storage Platform G100, G200, G400, G600, G800, F400, F600, F800: before DKCMAIN Ver.83-06-20-x0/00-05, CHB(iSCSI) Ver.83-01-01-29; Hitachi Virtual Storage Platform VX8, 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, 5600H: before DKCMAIN Ver.90-09-01-00/01-01, CHB(iSCSI) Ver.90-01-01-07, before DKCMAIN Ver.90-08-83-00/01-01, CHB(iSCSI) Ver.90-01-01-07, before DKCMAIN Ver.90-08-63-00/01-01, CHB(iSCSI) Ver.90-01-01-07; Hitachi Virtual Storage Platform VX7, G1000, G1500, F1500: before DKCMAIN Ver.80-06-93-00/00-04, ISFC Ver.80-01-17.
Published: 2026-06-19
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An attacker can send specially crafted iSCSI traffic to a Hitachi Virtual Storage Platform that triggers an excessive allocation of resources in the 10G iSCSI interface. The flaw, identified as a CWE‑770 weakness, results in a denial of service that can halt storage service availability, but does not provide direct remote code execution. The impact is limited to loss of connectivity and degraded storage performance until the faulting operation is cleared or the device is rebooted. No elevation of privileges or data compromise is reported.

Affected Systems

The vulnerability affects multiple Hitachi Virtual Storage Platform families, including the E990, E1090, and E1090H series with DKCMAIN firmware before Ver.93‑07‑21‑80/00‑05 and CHB(iSCSI) before Ver.88‑01‑02‑04; the E390, E590, and E790 lines and their H variants before DKCMAIN Ver.93‑07‑21‑x0/00‑05 and CHB(iSCSI) before Ver.88‑01‑02‑04; the G130, G150, G350, G370, G700, G900, F350, F370, F700, and F900 models before DKCMAIN Ver.88‑08‑10‑x0/00‑05 and CHB(iSCSI) before Ver.88‑01‑02‑04; the G100, G200, G400, G600, G800, F400, F600, and F800 series before DKCMAIN Ver.83‑06‑20‑x0/00‑05 and CHB(iSCSI) before Ver.83‑01‑01‑29; the VX8, 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, and 5600H families before DKCMAIN Ver.90‑09‑01‑00/01‑01 and CHB(iSCSI) before Ver.90‑01‑01‑07; and the VX7, G1000, G1500, and F1500 lines before DKCMAIN Ver.80‑06‑93‑00/00‑04 and ISFC Ver.80‑01‑17.

Risk and Exploitability

The CVSS base score of 8.6 indicates a high severity in availability. EPSS is not available, so the precise likelihood of exploitation cannot be quantified, but the lack of a KEV listing suggests no confirmed public exploitation to date. The vulnerability is accessed remotely through the publicly reachable iSCSI interface, meaning an attacker with network visibility to the 10G fabric could initiate the attack by flooding the device with large numbers of iSCSI commands. The DoS effect would likely manifest as service interruptions for end‑users or dependent applications until a restart or firmware patch occurs.

Generated by OpenCVE AI on June 19, 2026 at 07:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Hitachi Virtual Storage Platform firmware (DKCMAIN and CHB(iSCSI)) to the latest releases specified by Hitachi for each affected series.
  • If an upgrade is not immediately feasible, block or throttle inbound iSCSI traffic to the affected units using firewall or network segmentation to reduce the DoS risk.
  • Engage Hitachi support for any interim hot‑fixes or device‑level throttling workarounds that can be applied until a full firmware update is available.

Generated by OpenCVE AI on June 19, 2026 at 07:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Hitachi
Hitachi 5100
Hitachi 5100h
Hitachi 5200
Hitachi 5200h
Hitachi 5500
Hitachi 5500h
Hitachi 5600
Hitachi 5600h
Hitachi e1090
Hitachi e1090h
Hitachi e390
Hitachi e390h
Hitachi e590
Hitachi e590h
Hitachi e790
Hitachi e790h
Hitachi e990
Hitachi f1500
Hitachi f350
Hitachi f370
Hitachi f400
Hitachi f600
Hitachi f700
Hitachi f800
Hitachi f900
Hitachi g100
Hitachi g1000
Hitachi g130
Hitachi g150
Hitachi g1500
Hitachi g200
Hitachi g350
Hitachi g370
Hitachi g400
Hitachi g600
Hitachi g700
Hitachi g800
Hitachi g900
Hitachi vx7
Hitachi vx8
Vendors & Products Hitachi
Hitachi 5100
Hitachi 5100h
Hitachi 5200
Hitachi 5200h
Hitachi 5500
Hitachi 5500h
Hitachi 5600
Hitachi 5600h
Hitachi e1090
Hitachi e1090h
Hitachi e390
Hitachi e390h
Hitachi e590
Hitachi e590h
Hitachi e790
Hitachi e790h
Hitachi e990
Hitachi f1500
Hitachi f350
Hitachi f370
Hitachi f400
Hitachi f600
Hitachi f700
Hitachi f800
Hitachi f900
Hitachi g100
Hitachi g1000
Hitachi g130
Hitachi g150
Hitachi g1500
Hitachi g200
Hitachi g350
Hitachi g370
Hitachi g400
Hitachi g600
Hitachi g700
Hitachi g800
Hitachi g900
Hitachi vx7
Hitachi vx8

Mon, 22 Jun 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 19 Jun 2026 06:15:00 +0000

Type Values Removed Values Added
Description DoS Vulnerability in 10G iSCSI Interface of Hitachi Virtual Storage Platform. This issue affects Hitachi Virtual Storage Platform E990, E1090, E1090H: before DKCMAIN Ver.93-07-21-80/00-05, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-01-80/00-07, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-82-80/00-06, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-63-80/00-04, CHB(iSCSI) Ver.88-01-02-04; Hitachi Virtual Storage Platform E390, E590, E790, E390H, E590H, E790H: before DKCMAIN Ver.93-07-21-x0/00-05, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-01-x0/00-07, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-82-x0/00-06, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-06-63-x0/00-04, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-24-x0/00-02, CHB(iSCSI) Ver.88-01-02-04, before DKCMAIN Ver.93-07-02-x0/00-02, CHB(iSCSI) Ver.88-01-02-04; Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900: before DKCMAIN Ver.88-08-10-x0/00-05, CHB(iSCSI) Ver.88-01-02-04; Hitachi Virtual Storage Platform G100, G200, G400, G600, G800, F400, F600, F800: before DKCMAIN Ver.83-06-20-x0/00-05, CHB(iSCSI) Ver.83-01-01-29; Hitachi Virtual Storage Platform VX8, 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, 5600H: before DKCMAIN Ver.90-09-01-00/01-01, CHB(iSCSI) Ver.90-01-01-07, before DKCMAIN Ver.90-08-83-00/01-01, CHB(iSCSI) Ver.90-01-01-07, before DKCMAIN Ver.90-08-63-00/01-01, CHB(iSCSI) Ver.90-01-01-07; Hitachi Virtual Storage Platform VX7, G1000, G1500, F1500: before DKCMAIN Ver.80-06-93-00/00-04, ISFC Ver.80-01-17.
Title DoS Vulnerability in 10G iSCSI Interface of Hitachi Virtual Storage Platform
Weaknesses CWE-770
References
Metrics cvssV3_1

{'score': 8.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Hitachi

Published:

Updated: 2026-06-22T15:04:12.624Z

Reserved: 2025-07-17T05:09:06.792Z

Link: CVE-2025-7737

cve-icon Vulnrichment

Updated: 2026-06-22T15:04:08.419Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T09:40:48Z

Weaknesses
  • CWE-770

    Allocation of Resources Without Limits or Throttling