CVE-2026-10763 - Vulnerability Details - OpenCVE

PROMOD V is using insecure HTTP communication instead of HTTPS. The vulnerability is due to the lack of HTTPS support from 3rd party Digipede server.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction Active

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00347.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products

References

Link	Providers
https://publisher.hitachienergy.com/preview?DocumentID=8DBD000250&LanguageCode=en&DocumentPartId=&Action=Launch

History

Tue, 30 Jun 2026 14:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 30 Jun 2026 10:45:00 +0000

Type	Values Removed	Values Added
Title		PROMOD V Lacks HTTPS, Leading to Insecure HTTP Traffic

Tue, 30 Jun 2026 09:45:00 +0000

Type	Values Removed	Values Added
Description		PROMOD V is using insecure HTTP communication instead of HTTPS. The vulnerability is due to the lack of HTTPS support from 3rd party Digipede server.
Weaknesses		CWE-1428
References		https://publisher.hitachienergy.com/preview?DocumentID=8DBD000250&LanguageCode=en&DocumentPartId=&Action=Launch
Metrics		cvssV4_0 `{'score': 7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: Hitachi Energy

Published: 2026-06-30T09:37:03.987Z

Updated: 2026-06-30T13:16:16.774Z

Reserved: 2026-06-03T15:11:32.712Z

Link: CVE-2026-10763

Vulnrichment

Updated: 2026-06-30T13:16:10.858Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-30T10:30:11Z

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-10763", "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17", "state": "PUBLISHED", "assignerShortName": "Hitachi Energy", "dateReserved": "2026-06-03T15:11:32.712Z", "datePublished": "2026-06-30T09:37:03.987Z", "dateUpdated": "2026-06-30T13:16:16.774Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "e383dce4-0c27-4495-91c4-0db157728d17", "shortName": "Hitachi Energy", "dateUpdated": "2026-06-30T09:37:03.987Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-1428", "description": "CWE-1428 Reliance on HTTP instead of HTTPS", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-157", "descriptions": [{"lang": "en", "value": "CAPEC-157 Sniffing Attacks"}]}], "affected": [{"vendor": "Hitachi Energy", "product": "PROMOD V", "versions": [{"status": "affected", "version": "1.0.0", "lessThanOrEqual": "1.0.10", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "PROMOD V is using insecure HTTP communication instead of HTTPS. The vulnerability is due to the lack of HTTPS support from 3rd party Digipede server.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "PROMOD V is using insecure HTTP communication instead of HTTPS. The vulnerability is due to the lack of HTTPS support from 3rd party Digipede server."}]}], "references": [{"url": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000250&LanguageCode=en&DocumentPartId=&Action=Launch", "tags": ["vendor-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "ACTIVE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 7, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.2"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-30T13:15:59.875717Z", "id": "CVE-2026-10763", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-30T13:16:16.774Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-10763", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-30T13:15:59.875717Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-30T13:16:10.858Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-157", "descriptions": [{"lang": "en", "value": "CAPEC-157 Sniffing Attacks"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Hitachi Energy", "product": "PROMOD V", "versions": [{"status": "affected", "version": "1.0.0", "versionType": "custom", "lessThanOrEqual": "1.0.10"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000250&LanguageCode=en&DocumentPartId=&Action=Launch", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 1.0.2"}, "descriptions": [{"lang": "en", "value": "PROMOD V is using insecure HTTP communication instead of HTTPS. The vulnerability is due to the lack of HTTPS support from 3rd party Digipede server.", "supportingMedia": [{"type": "text/html", "value": "PROMOD V is using insecure HTTP communication instead of HTTPS. The vulnerability is due to the lack of HTTPS support from 3rd party Digipede server.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1428", "description": "CWE-1428 Reliance on HTTP instead of HTTPS"}]}], "providerMetadata": {"orgId": "e383dce4-0c27-4495-91c4-0db157728d17", "shortName": "Hitachi Energy", "dateUpdated": "2026-06-30T09:37:03.987Z"}}}, "cveMetadata": {"cveId": "CVE-2026-10763", "state": "PUBLISHED", "dateUpdated": "2026-06-30T13:16:16.774Z", "dateReserved": "2026-06-03T15:11:32.712Z", "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17", "datePublished": "2026-06-30T09:37:03.987Z", "assignerShortName": "Hitachi Energy"}, "dataVersion": "5.2"}