CVE-2021-27416

Cross-site scripting in Hitachi ABB Power Grids Ellipse EAM

CVSS 5.5 MEDIUMEPSS 0.6%CWE-79

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 5.5EPSS 0.6%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

11 mar 2022Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

An attacker could exploit this vulnerability in Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 by tricking a user to click on a link containing malicious code that would then be run by the web browser. This can result in the compromise of confidential information, or even the takeover of the user’s session.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Produtos afetados

Hitachi ABB Power Grids · Ellipse Enterprise Asset Management (EAM)

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A7777&LanguageCode=en&DocumentPartId=&Action=Launch https://www.cisa.gov/uscert/ics/advisories/icsa-21-061-01