Impact
An attacker can send specially crafted iSCSI traffic to a Hitachi Virtual Storage Platform that triggers excessive resource allocation in the 10G iSCSI interface. The flaw, classified as a CWE‑770 weakness, results in a denial of service that can halt the storage service, but it does not provide direct remote code execution. The impact is limited to loss of connectivity and degraded storage performance until the faulting operation is cleared or the device is rebooted. No elevation of privileges or data compromise is reported.
Affected Systems
The vulnerability affects multiple Hitachi Virtual Storage Platform families:
- E990, E1090, and E1090H series: DKCMAIN firmware before Ver.93‑07‑21‑80/00‑05 and CHB(iSCSI) before Ver.88‑01‑02‑04
- E390, E590, and E790 lines and their H variants: DKCMAIN before Ver.93‑07‑21‑x0/00‑05 and CHB(iSCSI) before Ver.88‑01‑02‑04
- G130, G150, G350, G370, G700, G900, F350, F370, F700, and F900 models: DKCMAIN before Ver.88‑08‑10‑x0/00‑05 and CHB(iSCSI) before Ver.88‑01‑02‑04
- G100, G200, G400, G600, G800, F400, F600, and F800 series: DKCMAIN before Ver.83‑06‑20‑x0/00‑05 and CHB(iSCSI) before Ver.83‑01‑01‑29
- VX8, 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, and 5600H families: DKCMAIN before Ver.90‑09‑01‑00/01‑01 and CHB(iSCSI) before Ver.90‑01‑01‑07
- VX7, G1000, G1500, and F1500 lines: DKCMAIN before Ver.80‑06‑93‑00/00‑04 and ISFC Ver.80‑01‑17
Risk and Exploitability
The CVSS base score of 8.6 indicates high severity, with the impact falling on availability. EPSS is not available, so the likelihood of exploitation cannot be quantified, but the lack of a KEV listing suggests no confirmed public exploitation to date. The vulnerability is reached remotely through the publicly reachable iSCSI interface, meaning an attacker with network visibility to the 10G fabric could initiate the attack by flooding the device with large numbers of iSCSI commands. The DoS effect would likely manifest as service interruptions for end‑users or dependent applications until a restart or firmware patch occurs.
OpenCVE Enrichment