Hitachi Energy TropOS 4th Gen Command Injection Vulnerability Allowing Privileged User to Gain Root Access
Vulnerability
A command injection vulnerability has been identified in the web-based configuration utility of Hitachi Energy's TropOS 4th Generation devices. The issue arises on the 'Diagnostics Tools' page, where user input is not properly validated. This flaw allows an authenticated user with high privileges to inject commands that are executed in the device's command shell. Exploitation of this vulnerability could be used to run various set-uid applications, ultimately leading to root access on the TropOS device.
Impact
Exploitation of this vulnerability allows for unauthorized command execution with elevated privileges, potentially leading to a full compromise of the affected TropOS device by gaining root access.
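The class of fix for an input-validation flaw like the one described above, as an added example (not Hitachi Energy's code and not taken from the TropOS firmware). It assumes a diagnostic that pings an operator-supplied target; the function names and the choice of `ping` are hypothetical.

```python
import ipaddress
import re
import subprocess

# Hypothetical names throughout; this is not TropOS code.
_ALLOWED_CHARS = re.compile(r"[A-Za-z0-9.:-]+")
_HOST_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


class InvalidTarget(ValueError):
    """Raised when a diagnostic target is not an IP literal or hostname."""


def validate_target(value: str) -> str:
    # Allowlist first: rejects shell metacharacters, whitespace, newlines
    # and IPv6 zone ids ('%'), whatever the later parsers would tolerate.
    if not value or len(value) > 253 or not _ALLOWED_CHARS.fullmatch(value):
        raise InvalidTarget("target contains disallowed characters")
    try:
        return str(ipaddress.ip_address(value))
    except ValueError:
        pass
    # Not an IP literal: every dot-separated label must be a valid hostname
    # label. A leading '-' fails here, so the value cannot be read as an option.
    if all(_HOST_LABEL.fullmatch(label) for label in value.split(".")):
        return value
    raise InvalidTarget("target is neither an IP address nor a hostname")


def build_ping_argv(target: str, count: int = 3) -> list[str]:
    if not 1 <= int(count) <= 10:
        raise ValueError("count out of range")
    return ["ping", "-c", str(int(count)), validate_target(target)]


def run_ping(target: str) -> str:
    # argv list with shell=False: the target is one argument to ping and is
    # never parsed by a command shell.
    proc = subprocess.run(build_ping_argv(target), shell=False,
                          capture_output=True, text=True, timeout=30)
    return proc.stdout
```

Validation and shell-free invocation are independent layers: either one alone stops the input from reaching a shell as syntax, and keeping both limits the damage if one is later weakened.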
