Hitachi Energy TropOS Command Injection and Privilege Issues
⚠️ Hitachi Energy's TropOS wireless devices contain multiple vulnerabilities — including OS command injection and improper privilege management — that can be exploited remotely by authenticated users to obtain root access. Affected 4th Gen firmware versions up to 8.9.6.0 are vulnerable (CVE-2025-1036, CVE-2025-1037, CVE-2025-1038); CVSS v4 scores reach 8.7. Hitachi Energy advises immediate update to version 8.9.7.0, and CISA recommends isolating devices, minimizing network exposure, and following ICS security best practices.
