CVE-2021-27416
Cross-site scripting in Hitachi ABB Power Grids Ellipse EAM
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An attacker could exploit this vulnerability in Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 by tricking a user to click on a link containing malicious code that would then be run by the web browser. This can result in the compromise of confidential information, or even the takeover of the user’s session.
Un atacante podría explotar esta vulnerabilidad en Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versiones anteriores a 9.0.25, incluyéndola, al engañar a un usuario para que haga clic en un enlace que contenga código malicioso que será ejecutado por el navegador web. Esto puede resultar en el compromiso de información confidencial, o incluso la toma de la sesión del usuario
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-02-19 CVE Reserved
- 2022-03-11 CVE Published
- 2024-08-03 CVE Updated
- 2024-11-24 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-21-061-01 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Hitachienergy Search vendor "Hitachienergy" | Ellipse Enterprise Asset Management Search vendor "Hitachienergy" for product "Ellipse Enterprise Asset Management" | < 9.0.26 Search vendor "Hitachienergy" for product "Ellipse Enterprise Asset Management" and version " < 9.0.26" | - |
Affected
| ||||||