CVE-2021-27414: User interface misrepresentation of critical information in Hitachi ABB Power Grids Ellipse EAM
First published: Fri Mar 11 2022(Updated: )
An attacker could trick a user of Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 into visiting a malicious website posing as a login page for the Ellipse application and gather authentication credentials.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hitachienergy Ellipse Enterprise Asset Management | <9.0.23 | |
| Hitachi ABB Power Grids Ellipse EAM versions prior to and including 9.0.25 |
Remedy
Hitachi ABB Power Grids recommends users apply the update as soon as they are able. Ellipse EAM Version 9.0.23 fixes one of the vulnerabilities, and Ellipse EAM Version 9.0.26 fixes both. Hitachi ABB Power Grids published cybersecurity advisory PGVU-PGGA-Ellipse-202027 to give users more information about this issue.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-27414?
CVE-2021-27414 refers to a vulnerability found in Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25.
How severe is CVE-2021-27414?
CVE-2021-27414 has a severity rating of 6.1, which is considered medium.
What is the description of CVE-2021-27414?
CVE-2021-27414 allows an attacker to trick users into visiting a malicious website posing as a login page for the Ellipse application and gather authentication credentials.
Which software versions are affected by CVE-2021-27414?
Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions up to and including 9.0.23 are affected by CVE-2021-27414.
How can I fix CVE-2021-27414?
To fix CVE-2021-27414, users are advised to upgrade to a version later than 9.0.23 of Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM).
- collector/nvd-index
- agent/weakness
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/title
- agent/severity
- agent/author
- agent/last-modified-date
- agent/remedy
- agent/description
- agent/first-publish-date
- agent/event
- collector/ics-cert-advisory
- source/ICS
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- agent/trending
- vendor/hitachienergy
- canonical/hitachienergy ellipse enterprise asset management
- vendor/hitachi abb power grids
- canonical/hitachi abb power grids ellipse eam versions prior to and including 9.0.25