First published: Tue Jul 12 2022(Updated: )
A vulnerability exists in the HTTP web interface where the web interface does not sufficiently verify if a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. This cause a Cross Site Request Forgery (CSRF), which if exploited could lead an attacker to gain unauthorized access to the web application and perform an unwanted operation on it without the knowledge of the legitimate user. An attacker, who successfully makes an MSM user who has already established a session to MSM web interface clicks a forged link to the MSM web interface, e.g., link is sent per E-Mail, could perform harmful command on MSM through its web server interface. This issue affects: Hitachi Energy MSM V2.2 and prior versions.
Credit: cybersecurity@hitachienergy.com
Affected Software | Affected Version | How to fix |
---|---|---|
Hitachienergy Modular Switchgear Monitoring Firmware | <=2.2.0 | |
Hitachienergy Modular Switchgear Monitoring |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-40335 is a vulnerability in the HTTP web interface of Hitachienergy Modular Switchgear Monitoring Firmware that allows for Cross Site Request Forgery (CSRF) attacks.
The severity of CVE-2021-40335 is high, with a severity value of 8.8.
CVE-2021-40335 allows attackers to exploit the vulnerability in the web interface of Hitachienergy Modular Switchgear Monitoring Firmware, potentially leading to CSRF attacks.
To fix CVE-2021-40335, it is recommended to update to a version of Hitachienergy Modular Switchgear Monitoring Firmware that has fixed the vulnerability.
More information about CVE-2021-40335 can be found at: https://search.abb.com/library/Download.aspx?DocumentID=8DBD000085&LanguageCode=en&DocumentPartId=&Action=Launch