CVE-2021-27416

EUVD-2021-14170
An attacker could exploit this vulnerability in Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 by tricking a user to click on a link containing malicious code that would then be run by the web browser. This can result in the compromise of confidential information, or even the takeover of the user’s session.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
icscertCNA
5.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 66%
Affected Products (NVD)
VendorProductVersion
hitachienergyellipse_enterprise_asset_management
𝑥
< 9.0.26
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A7777&LanguageCode=en&DocumentPartId=&Action=Launch
https://www.cisa.gov/uscert/ics/advisories/icsa-21-061-01
https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A7777&LanguageCode=en&DocumentPartId=&Action=Launch
https://www.cisa.gov/uscert/ics/advisories/icsa-21-061-01