CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-27414 – User interface misrepresentation of critical information in Hitachi ABB Power Grids Ellipse EAM
https://notcve.org/view.php?id=CVE-2021-27414
An attacker could trick a user of Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 into visiting a malicious website posing as a login page for the Ellipse application and gather authentication credentials. Un atacante podría engañar a un usuario de Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versiones anteriores a 9.0.25, incluyéndola, para que visite un sitio web malicioso que haga pasarse por una página de inicio de sesión de la aplicación Ellipse y consiga las credenciales de autenticación • https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A7777&LanguageCode=en&DocumentPartId=&Action=Launch https://www.cisa.gov/uscert/ics/advisories/icsa-21-061-01 • CWE-451: User Interface (UI) Misrepresentation of Critical Information CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-27416 – Cross-site scripting in Hitachi ABB Power Grids Ellipse EAM
https://notcve.org/view.php?id=CVE-2021-27416
An attacker could exploit this vulnerability in Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 by tricking a user to click on a link containing malicious code that would then be run by the web browser. This can result in the compromise of confidential information, or even the takeover of the user’s session. Un atacante podría explotar esta vulnerabilidad en Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versiones anteriores a 9.0.25, incluyéndola, al engañar a un usuario para que haga clic en un enlace que contenga código malicioso que será ejecutado por el navegador web. Esto puede resultar en el compromiso de información confidencial, o incluso la toma de la sesión del usuario • https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A7777&LanguageCode=en&DocumentPartId=&Action=Launch https://www.cisa.gov/uscert/ics/advisories/icsa-21-061-01 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •