CVE-2021-40335: Cross Site Request Forgery (CSRF) in Hitachi Energy’s MSM Product
First published: Tue Jul 12 2022(Updated: )
A vulnerability exists in the HTTP web interface where the web interface does not sufficiently verify if a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. This cause a Cross Site Request Forgery (CSRF), which if exploited could lead an attacker to gain unauthorized access to the web application and perform an unwanted operation on it without the knowledge of the legitimate user. An attacker, who successfully makes an MSM user who has already established a session to MSM web interface clicks a forged link to the MSM web interface, e.g., link is sent per E-Mail, could perform harmful command on MSM through its web server interface. This issue affects: Hitachi Energy MSM V2.2 and prior versions.
Credit: cybersecurity@hitachienergy.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hitachienergy Modular Switchgear Monitoring Firmware | <=2.2.0 | |
| Hitachienergy Modular Switchgear Monitoring |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-40335?
CVE-2021-40335 is a vulnerability in the HTTP web interface of Hitachienergy Modular Switchgear Monitoring Firmware that allows for Cross Site Request Forgery (CSRF) attacks.
What is the severity of CVE-2021-40335?
The severity of CVE-2021-40335 is high, with a severity value of 8.8.
How does CVE-2021-40335 impact Hitachienergy Modular Switchgear Monitoring Firmware?
CVE-2021-40335 allows attackers to exploit the vulnerability in the web interface of Hitachienergy Modular Switchgear Monitoring Firmware, potentially leading to CSRF attacks.
How can I fix CVE-2021-40335?
To fix CVE-2021-40335, it is recommended to update to a version of Hitachienergy Modular Switchgear Monitoring Firmware that has fixed the vulnerability.
Where can I find more information about CVE-2021-40335?
More information about CVE-2021-40335 can be found at: https://search.abb.com/library/Download.aspx?DocumentID=8DBD000085&LanguageCode=en&DocumentPartId=&Action=Launch
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/title
- agent/weakness
- agent/references
- agent/severity
- agent/last-modified-date
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/hitachienergy
- canonical/hitachienergy modular switchgear monitoring firmware
- version/hitachienergy modular switchgear monitoring firmware/2.2.0
- canonical/hitachienergy modular switchgear monitoring