Hitachi ABB Power Grids Ellipse EAM

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker to steal sensitive information, hijack a user 's session, or compromise authentication credentials.

CVEs (2)

Remediations

• Hitachi ABB Power Grids recommends users apply the update as soon as they are able. Ellipse EAM Version 9.0.23 fixes one of the vulnerabilities, and Ellipse EAM Version 9.0.26 fixes both.
• Hitachi ABB Power Grids published cybersecurity advisory PGVU-PGGA-Ellipse-202027 to give users more information about this issue.
• Hitachi ABB Power Grids recommends following security best practices and firewall configurations to help protect a process control network from attacks originating from an outside the network. Such practices include:
• Ensure critical applications and systems are physically protected from direct access by unauthorized personnel, have no direct connections to the Internet, and are separated from other networks by means of a firewall.
• Firewalls should be configured to have the minimum number of ports exposed and open ports should be justified and documented.
• Critical systems should not be used for Internet surfing, instant messaging, or receiving e-mails.
• Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system.
• It is important to implement robust security awareness training to ensure users are able to identify common attacks or content such as phishing emails or malicious web pages.

Affected Vendors

Affected Products (1)

Affected Sectors

Energy Sector