CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-10763

criticalcovered by 2 sourcesfirst seen 2026-06-30
View CSAF Summary Hitachi Energy is aware of insecure HTTP transmission vulnerability in PROMOD V product versions listed in this document. This vulnerability could allow attackers to intercept or manipulate sensitive data in transit, potentially leading to credential theft, session hijacking, or unauthorized access. The following versions of Hitachi Energy PROMOD V are affected: PROMOD V vers:PROMOD_V/<=1.0.10 CVSS Vendor Equipment Vulnerabilities v3 7.1 Hitachi Energy Hitachi Energy PROMOD V Reliance on HTTP instead of HTTPS Background Critical Infrastructure Sectors: Energy Countries/Areas Deployed: Worldwide Company Headquarters Location: Switzerland Vulnerabilities Expand All + CVE-2026-10763 PROMOD V is using insecure HTTP communication instead of HTTPS. The vulnerability is due to the lack of HTTPS support from 3rd party Digipede server. View CVE Details Affected Products Hitachi Energy PROMOD V Vendor: Hitachi Energy Product Version: PROMOD V versions 1.0.10 and prior Product Status: known_affected Remediations Vendor fix Upgrade to version 1.0.11 and enable HTTPS on Digipede server. [2] Refer to “1.0.11 PROMOD V User Guide”, Section 2 Essential Skills->Running PROMOD V->Digipede Grid. Alternatively, refer to the same section in the online help contained in the application. Mitigation Apply general mitigation factors Relevant CWE: CWE-1428 Reliance on HTTP instead of HTTPS Metrics CVSS Version Base Score Base Severity Vector String 3.1 7.1 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N 4.0 7 HIGH CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N Acknowledgments Hitachi Energy Internal Team Notice The information in this document is subject to change without notice and should not be construed as a commitment by Hitachi Energy. Hitachi Energy provides no warranty, express or implied, including warranties of merchantability and fitness for a particular purpose, for the information contained in this document, and assumes no responsibility for an

CSIRTS triage

What
The vulnerability allows attackers to intercept or manipulate sensitive data in transit due to insecure HTTP transmission.
Who is affected
Deployments of PROMOD V versions up to 1.0.10 worldwide.
Urgency
Remediation is urgent due to the critical nature of the vulnerability and potential for credential theft.
Action
Implement HTTPS support to secure data transmission.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch CVE-2026-10763

Get an email if CVE-2026-10763 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (2)

External references

NVD record for CVE-2026-10763

CVE.org record

Embed the live status

CVE-2026-10763 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-10763 status](https://www.csirts.com/badge/CVE-2026-10763)](https://www.csirts.com/cve/CVE-2026-10763)