Vulnerability Details CVE-2021-27416
An attacker could exploit this vulnerability in Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 by tricking a user to click on a link containing malicious code that would then be run by the web browser. This can result in the compromise of confidential information, or even the takeover of the user’s session.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 65.9%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 5.8
References
- https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A7777&LanguageCode=en&DocumentPartId=&Action=Launch
- https://www.cisa.gov/uscert/ics/advisories/icsa-21-061-01
- https://search.abb.com/library/Download.aspx?DocumentID=9AKK107991A7777&LanguageCode=en&DocumentPartId=&Action=Launch
- https://www.cisa.gov/uscert/ics/advisories/icsa-21-061-01
Products affected by CVE-2021-27416
-
cpe:2.3:a:hitachienergy:ellipse_enterprise_asset_management:-
-
cpe:2.3:a:hitachienergy:ellipse_enterprise_asset_management:9.0.22
-
cpe:2.3:a:hitachienergy:ellipse_enterprise_asset_management:9.0.23
-
cpe:2.3:a:hitachienergy:ellipse_enterprise_asset_management:9.0.25