CVE-2021-27416

Cross-site scripting in Hitachi ABB Power Grids Ellipse EAM

CVSS 5.5 MEDIUMEPSS 0.6%CWE-79

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 5.5EPSS 0.6%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

11 Mar 2022Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

An attacker could exploit this vulnerability in Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 by tricking a user to click on a link containing malicious code that would then be run by the web browser. This can result in the compromise of confidential information, or even the takeover of the user’s session.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Affected products

Hitachi ABB Power Grids · Ellipse Enterprise Asset Management (EAM)

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A7777&LanguageCode=en&DocumentPartId=&Action=Launch https://www.cisa.gov/uscert/ics/advisories/icsa-21-061-01