top of page
perceptive_background_267k.jpg

Hitachi Energy Asset Suite

Published:

8 januari 2026 om 12:00:00

Alert date:

8 januari 2026 om 18:02:39

Source:

cisa.gov

Click to open the original link from this advisory

Critical vulnerability in Hitachi Energy Asset Suite versions 9.7 and prior allows remote code execution through Java deserialization flaw in Jasper Report component. CVE-2025-10492 scored 9.8 CVSS with no authentication required. Affects energy sector infrastructure worldwide. Vendor fix available in version 9.8. Mitigation includes restricting external custom reports to trusted administrator-generated ones only.

Technical details

Mitigation steps:

Affected products:

Hitachi Energy Asset Suite

Related links:

https://www.cisa.gov/news-events/ics-advisories/icsa-26-008-01
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-008-01.json
https://www.cve.org/CVERecord?id=CVE-2025-10492
https://cwe.mitre.org/data/definitions/502.html
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
https://www.hitachienergy.com/contact-us/
https://www.cisa.gov/notification
https://www.cisa.gov/privacy-policy

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page