CVE-2025-7740 (GCVE-0-2025-7740)
Vulnerability from cvelistv5
Published
2026-01-28 09:02
Modified
2026-01-28 16:32
Severity ?
8.8 (High) - CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
CWE
Summary
Default credentials vulnerability exists in SuprOS product. If exploited, this could allow an authenticated local attacker to use an admin account created during product deployment.
References
Impacted products
Vendor Product Version
Hitachi Energy SuprOS Version: 9.0.0   <
Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-7740",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-28T16:32:14.188387Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-28T16:32:25.192Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "SuprOS",
          "vendor": "Hitachi Energy",
          "versions": [
            {
              "lessThanOrEqual": "9.2.2.0",
              "status": "affected",
              "version": "9.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2026-01-27T13:26:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Default credentials vulnerability exists in SuprOS\nproduct. If exploited, this could allow an authenticated\nlocal attacker to use an admin account created during\nproduct deployment.\u003cp\u003e\u003c/p\u003e"
            }
          ],
          "value": "Default credentials vulnerability exists in SuprOS\nproduct. If exploited, this could allow an authenticated\nlocal attacker to use an admin account created during\nproduct deployment."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-70",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-70 Try Common or Default Usernames and Passwords"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1392",
              "description": "CWE-1392 Use of Default Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-28T09:02:21.430Z",
        "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "shortName": "Hitachi Energy"
      },
      "references": [
        {
          "url": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000223\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=launch"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Use of default credentials vulnerability in Hitachi Energy SuprOS product",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
    "assignerShortName": "Hitachi Energy",
    "cveId": "CVE-2025-7740",
    "datePublished": "2026-01-28T09:02:21.430Z",
    "dateReserved": "2025-07-17T06:26:51.973Z",
    "dateUpdated": "2026-01-28T16:32:25.192Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-7740\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-01-28T16:32:14.188387Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-01-28T16:32:21.221Z\"}}], \"cna\": {\"title\": \"Use of default credentials vulnerability in Hitachi Energy SuprOS product\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"impacts\": [{\"capecId\": \"CAPEC-70\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-70 Try Common or Default Usernames and Passwords\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 8.8, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H\", \"exploitMaturity\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"HIGH\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"HIGH\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"HIGH\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Hitachi Energy\", \"product\": \"SuprOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"9.0.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"9.2.2.0\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2026-01-27T13:26:00.000Z\", \"references\": [{\"url\": \"https://publisher.hitachienergy.com/preview?DocumentID=8DBD000223\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=launch\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.5.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Default credentials vulnerability exists in SuprOS\\nproduct. If exploited, this could allow an authenticated\\nlocal attacker to use an admin account created during\\nproduct deployment.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Default credentials vulnerability exists in SuprOS\\nproduct. If exploited, this could allow an authenticated\\nlocal attacker to use an admin account created during\\nproduct deployment.\u003cp\u003e\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1392\", \"description\": \"CWE-1392 Use of Default Credentials\"}]}], \"providerMetadata\": {\"orgId\": \"e383dce4-0c27-4495-91c4-0db157728d17\", \"shortName\": \"Hitachi Energy\", \"dateUpdated\": \"2026-01-28T09:02:21.430Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-7740\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-01-28T16:32:25.192Z\", \"dateReserved\": \"2025-07-17T06:26:51.973Z\", \"assignerOrgId\": \"e383dce4-0c27-4495-91c4-0db157728d17\", \"datePublished\": \"2026-01-28T09:02:21.430Z\", \"assignerShortName\": \"Hitachi Energy\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.