## Hitachi Energy Ellipse Vulnerable to Remote Code Execution via Jasper Report Flaw **Hitachi Energy** is addressing a critical vulnerability within its Ellipse product, specifically affecting versions 9.0.50 and earlier. The flaw, identified as **CVE-2025-10492**, resides in the **Jasper Report** component, a third-party library used for generating custom reports within Ellipse. This vulnerability could allow for remote code execution (RCE) attacks. ### Vulnerability Details The vulnerability is a Java deserialization issue in the **Jaspersoft Library**. Improper handling of externally supplied data could allow attackers to execute arbitrary code remotely on systems using the affected library. This highlights the importance of carefully vetting and securing third-party components within critical infrastructure software. * **CVE:** CVE-2025-10492 * **Affected Product:** Hitachi Energy Ellipse versions 9.0.50 and prior * **CWE:** CWE-502 Deserialization of Untrusted Data * **CVSS v3 Score:** 9.8 (Critical) ### Impact Successful exploitation of this vulnerability could allow an attacker to gain complete control of the affected system. Given that **Hitachi Energy Ellipse** is deployed in critical infrastructure sectors, particularly critical manufacturing, the potential impact is significant. ### Mitigation **Hitachi Energy** recommends immediate actions to mitigate the risk. While specific mitigation steps are not detailed in this extract, the advisory urges users to refer to the "Recommended Immediate Actions" section within the full advisory document (linked below) for detailed guidance. General mitigation factors include: * Minimizing network exposure for all control system devices. * Locating control system networks behind firewalls and isolating them from business networks. * Using secure remote access methods such as VPNs (while ensuring the VPN itself is up-to-date). * Scanning portable computers and removable storage media for viruses before connecting them to a control system. * Enforcing proper password policies. ### Recommendations **CISA (Cybersecurity and Infrastructure Security Agency)** strongly advises users to take defensive measures to minimize the risk of exploitation. This includes: * Ensuring control system devices are not accessible from the internet. * Implementing robust firewall configurations. * Performing thorough impact analysis and risk assessments before deploying any defensive measures. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA. [View CSAF](https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-092-03.json) ### Acknowledgements **Hitachi Energy** PSIRT reported this vulnerability to CISA.