Severity: CRITICAL | Source: CISA Advisory ICSA-26-092-03
The Threat
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an Industrial Control Systems (ICS) advisory confirming a critical remote code execution (RCE) vulnerability in Hitachi Energy Ellipse, a widely deployed Enterprise Asset Management (EAM) platform used by power utilities, energy companies, and industrial operators worldwide.
The vulnerability originates in a Jasper Reports component embedded within Ellipse. Jasper Reports is a popular open-source reporting engine, and its presence inside Ellipse exposes the product to attackers who can craft malicious requests to execute arbitrary code on the host server - remotely, without requiring physical access. CISA's advisory explicitly flags this as an exploitable RCE attack vector and directs affected organizations to implement Recommended Immediate Actions without delay.
Hitachi Energy Ellipse is not niche software. It is a go-to EAM platform for electricity generation, transmission, and distribution companies - precisely the operators running Kenya's national grid, Ethiopia's power infrastructure, and utility networks across the Horn of Africa.
Impact Assessment for East African Organizations
East African power utilities have accelerated digital transformation over the past five years. Kenya Power, KETRACO, Ethiopian Electric Power, TANESCO in Tanzania, and UMEME in Uganda have all integrated EAM and asset lifecycle platforms to manage substations, transformers, and generation assets. If any of these organizations, or their supply chain partners, run an affected version of Hitachi Energy Ellipse, they are exposed to a threat that goes far beyond data theft.
Remote code execution on an OT-adjacent EAM platform means an attacker can:
- Manipulate or delete maintenance records, creating false asset health data and enabling physical equipment failures.
- Pivot from the Ellipse server into broader operational technology (OT) and SCADA networks if network segmentation is inadequate - a common gap in regional utility environments.
- Plant persistent backdoors for long-term espionage or sabotage, particularly relevant given the geopolitical sensitivity of the Horn of Africa region.
- Trigger cascading operational disruptions - power outages that ripple across banking, healthcare, and government services that depend on grid stability.
Financial institutions in Kenya and Ethiopia that operate on-premises data centers with diesel backup systems also depend indirectly on grid reliability. A compromised utility EAM platform is not just a power sector problem - it is a cross-sector national risk. Compliance obligations under the Kenya Energy Act 2019 and emerging CBK cyber resilience guidelines for critical infrastructure suppliers make this a boardroom-level concern, not just an IT issue.
Immediate Actions - Do These Now
- Identify your Ellipse version immediately. Contact your Hitachi Energy account manager or internal OT/IT team to confirm which Ellipse version is deployed across all sites, including remote substations and regional offices.
- Apply Hitachi Energy's patches and mitigations. Follow the Recommended Immediate Actions published in CISA Advisory ICSA-26-092-03. Do not wait for a scheduled maintenance window - treat this as an emergency change.
- Isolate Ellipse servers from internet-facing networks. If patching cannot happen immediately, restrict all external access to Ellipse servers. Apply strict firewall rules and disable any unnecessary web-facing ports.
- Audit network segmentation between IT and OT. Verify that your Ellipse deployment cannot reach SCADA or DCS networks directly. This is the single most important containment measure if you cannot patch right now.
- Review access logs for anomalous activity. Look for unusual report generation requests, unexpected outbound connections from the Ellipse server, and any new scheduled tasks or services created in the past 90 days.
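The segmentation audit and the outbound-connection review in the last two actions can both be run against a flow or firewall-log export. The Python script below is an added example, not part of the CISA advisory or any Hitachi Energy tooling; every address, subnet and the CSV layout are constructed assumptions to replace with your own addressing plan.

```python
import csv
import io
import ipaddress

# Assumed values for illustration only; replace with your own addressing plan.
ELLIPSE_HOSTS = {ipaddress.ip_address("10.20.5.10")}        # hypothetical Ellipse server
OT_NETWORKS = [ipaddress.ip_network("10.50.0.0/16")]        # hypothetical SCADA/DCS range
ALLOWED_DESTS = [ipaddress.ip_network("10.20.5.0/24"),      # hypothetical app/database tier
                 ipaddress.ip_network("10.20.9.25/32")]     # hypothetical update proxy

# Constructed sample flow export (not real traffic): src,dst,dport,proto
SAMPLE_FLOWS = """src,dst,dport,proto
10.20.5.10,10.20.5.21,1521,tcp
10.20.5.10,10.50.3.14,502,tcp
10.20.5.10,203.0.113.77,443,tcp
10.20.8.40,10.20.5.10,8080,tcp
10.20.5.10,10.20.9.25,3128,tcp
not-an-ip,10.50.3.14,502,tcp
"""

def audit_flows(flow_csv):
    """Return (ot_violations, unexpected_outbound, malformed) for flows sourced from Ellipse hosts."""
    ot_violations, unexpected, malformed = [], [], []
    for row in csv.DictReader(io.StringIO(flow_csv)):
        try:
            src = ipaddress.ip_address(row["src"].strip())
            dst = ipaddress.ip_address(row["dst"].strip())
            dport = int(row["dport"])
        except (ValueError, KeyError, AttributeError, TypeError):
            malformed.append(row)   # keep bad rows visible instead of silently dropping them
            continue
        if src not in ELLIPSE_HOSTS:
            continue                # only traffic originating from the Ellipse server is in scope
        if any(dst in net for net in OT_NETWORKS):
            ot_violations.append((str(src), str(dst), dport))   # IT-to-OT path exists
        elif not any(dst in net for net in ALLOWED_DESTS):
            unexpected.append((str(src), str(dst), dport))      # destination not on the allowlist
    return ot_violations, unexpected, malformed

if __name__ == "__main__":
    ot, out, bad = audit_flows(SAMPLE_FLOWS)
    for flow in ot:
        print("SEGMENTATION VIOLATION  %s -> %s:%d" % flow)
    for flow in out:
        print("UNEXPECTED OUTBOUND     %s -> %s:%d" % flow)
    print("%d malformed row(s) skipped" % len(bad))
```

Any row reported as a segmentation violation means a route and a permitting rule exist between the Ellipse server and the OT range, which is the containment gap to close first.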
DRONGO Recommendation
DRONGO's OT/ICS security team works directly with East African utilities and industrial operators to assess exposure to advisories like this one. We can perform rapid vulnerability verification, network segmentation audits, and patch validation for Hitachi Energy environments - within your operational constraints and without disrupting live systems.