ICSA-21-110-01 · Published 2021-04-20 · View on CISA ICS-CERT

Hitachi ABB Power Grids Ellipse APM

CVSS 6.3 MEDIUM

Risk Summary

Successful exploitation of this vulnerability may allow an authenticated user or integrated application to inject malicious data into the application that can then be executed in a victim's browser.

CVEs (1)

Remediations

  • Hitachi ABB Power Grids recommends users apply Ellipse APM Versions 5.3.0.2, 5.2.0.4, and 5.1.0.7 at the earliest convenience. Please see the advisory on the Hitachi ABB Power Grids website for more information.
  • Ensure the “Administrator” application role is only granted to fully trusted APM users who are trained not to import harmful data to APM (e.g., containing HTML or JavaScript).
  • Limit all “Import” role API credentials and integrations to only those providing safe data. Introduce filters in the source applications to ensure data safety.
  • Introduce a Web Application Firewall solution in front of the APM web interfaces with a capability of blocking XSS attack payloads in HTTP(S) requests, both plain REST (JSON/XML) as well as Excel files wrapped in REST (JSON).

Affected Vendors

Hitachi Energy

Affected Products (3)

Hitachi Energy · Ellipse APM <= 5.1.0.6
Hitachi Energy · Ellipse APM <= 5.2.0.3
Hitachi Energy · Ellipse APM <= 5.3.0.1

Affected Sectors

Energy
