Hitachi Energy Ellipse
Act Now9.8ICS-CERT ICSA-26-092-03Feb 24, 2026
Hitachi EnergyEnergy
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary
Hitachi Energy is aware of a Jasper Report vulnerability that affects the Ellipse product versions mentioned in this document below. This vulnerability can be exploited to carry out remote code execution (RCE) attack on the product. Please refer to the Recommended Immediate Actions for information about the mitigation/remediation.
What this means
What could happen
Could allow an attacker to execute code by sending crafted data
Who's at risk
Organizations in energy using Hitachi Energy equipment
How it could be exploited
Attacker on the corporate network or internet could reach this device without any credentials. The attack is straightforward with no special conditions
Affected products (1)
ProductAffected VersionsFix Status
Ellipse≤ 9.0.50No fix yet
Remediation & Mitigation
0/1
Do now — compensating controls
0/1WORKAROUNDSince the vulnerability exists in Jasper Report component that is external to Ellipse application, restrict the loading of external custom reports created by end users by allowing only trusted Jasper reports generated by the system administrator.
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/51b3c0c2-dc49-4565-8b08-899a0eecf5acGet OT security insights every Tuesday
Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.