Hitachi Energy TropOS 4th Gen Command Injection Vulnerability Allowing Unauthorized SSH Access

Vulnerability

A command injection vulnerability has been identified in the Logging page of the web-based configuration utility for Hitachi Energy TropOS 4th Gen devices. This vulnerability allows an authenticated user with low privileged network access to the configuration utility to execute arbitrary commands on the underlying operating system. Exploiting this vulnerability could lead to unauthorized root SSH access on the device.

Impact

Exploitation of this vulnerability could result in unauthorized command execution on the device's operating system, potentially leading to root SSH access.

Added: Oct 28, 2025, 1:24 PM

Updated: Oct 28, 2025, 1:24 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

5.2

remediation

0.0

relevance

0.8

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

5.2

remediation

0.0

relevance

0.8

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Hitachi Energy TropOS 4th Gen Command Injection Vulnerability Allowing Unauthorized SSH Access

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating