CVE-2021-27416: Cross-site scripting in Hitachi ABB Power Grids Ellipse EAM
First published: Fri Mar 11 2022(Updated: )
An attacker could exploit this vulnerability in Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 by tricking a user to click on a link containing malicious code that would then be run by the web browser. This can result in the compromise of confidential information, or even the takeover of the user’s session.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hitachienergy Ellipse Enterprise Asset Management | <9.0.26 | |
| Hitachi ABB Power Grids Ellipse EAM versions prior to and including 9.0.25 |
Remedy
Hitachi ABB Power Grids recommends users apply the update as soon as they are able. Ellipse EAM Version 9.0.23 fixes one of the vulnerabilities, and Ellipse EAM Version 9.0.26 fixes both. Hitachi ABB Power Grids published cybersecurity advisory PGVU-PGGA-Ellipse-202027 to give users more information about this issue.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-27416?
CVE-2021-27416 is a vulnerability that can be exploited in Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25.
How can an attacker exploit CVE-2021-27416?
An attacker can exploit CVE-2021-27416 by tricking a user into clicking on a link containing malicious code that will run in the web browser.
What is the severity of CVE-2021-27416?
The severity of CVE-2021-27416 is medium, with a severity value of 5.4.
What software versions are affected by CVE-2021-27416?
CVE-2021-27416 affects Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25.
How can I mitigate CVE-2021-27416?
To mitigate CVE-2021-27416, update Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) to version 9.0.26 or newer.
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/title
- agent/severity
- agent/author
- agent/last-modified-date
- agent/remedy
- agent/softwarecombine
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- collector/ics-cert-advisory
- source/ICS
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/hitachienergy
- canonical/hitachienergy ellipse enterprise asset management
- vendor/hitachi abb power grids
- canonical/hitachi abb power grids ellipse eam versions prior to and including 9.0.25