CVE-2021-27416

Cross-site scripting in Hitachi ABB Power Grids Ellipse EAM

CVSS 5.5 MEDIUMEPSS 0.6%CWE-79

Vexday Risk Score

13Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 5.5EPSS 0.6%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

11 mar 2022Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

An attacker could exploit this vulnerability in Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 by tricking a user to click on a link containing malicious code that would then be run by the web browser. This can result in the compromise of confidential information, or even the takeover of the user’s session.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Productos afectados

Hitachi ABB Power Grids · Ellipse Enterprise Asset Management (EAM)

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A7777&LanguageCode=en&DocumentPartId=&Action=Launch https://www.cisa.gov/uscert/ics/advisories/icsa-21-061-01