Hitachi Energy Tropos 4Th Gen vulnerabilities
3 known vulnerabilities affecting hitachi_energy/tropos_4th_gen.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH3
Vulnerabilities
Page 1 of 1
CVE-2025-1036P2HIGHCVSS 8.7≥ 8.7.0.0, ≤ 8.9.6.02025-10-28
CVE-2025-1036 [HIGH] CWE-78 CVE-2025-1036: Command injection vulnerability exists in the “Logging” page of the web-based configuration utility.
Command injection vulnerability exists in the “Logging” page of the web-based configuration utility. An authenticated user with low privileged network access for the configuration utility can execute arbitrary commands on the underlying OS to obtain root SSH access to the TropOS 4th Gen device.
nvd
CVE-2025-1038P3HIGHCVSS 7.5≥ 8.7.0.0, < 8.9.6.02025-10-28
CVE-2025-1038 [HIGH] CWE-78 CVE-2025-1038: The “Diagnostics Tools” page of the web-based configuration utility does not properly validate user-
The “Diagnostics Tools” page of the web-based configuration utility does not properly validate user-controlled input, allowing an authenticated user with high privileges to inject commands into the command shell of the TropOS 4th Gen device. The injected commands can be exploited to execute several set-uid (SUID) applications to ultimately gain root acce
nvd
CVE-2025-1037P3HIGHCVSS 7.5≥ 8.7.0.0, ≤ 8.9.6.02025-10-28
CVE-2025-1037 [HIGH] CWE-269 CVE-2025-1037: By making minor configuration changes to the TropOS 4th Gen device, an authenticated user with the a
By making minor configuration changes to the TropOS 4th Gen device, an authenticated user with the ability to run user level shell commands can enable access via secure shell (SSH) to an unrestricted root shell. This is possible through abuse of a particular set of scripts and executables that allow for certain commands to be run as root from an unprivi
nvd