CVE-2021-27416 Vulnerability Details

  /     /     /  

CVE-2021-27416 Metadata Quick Info

CVE Published: 11/03/2022 | CVE Updated: 03/08/2024 | CVE Year: 2021
Source: icscert | Vendor: Hitachi ABB Power Grids | Product: Ellipse Enterprise Asset Management (EAM)
Status : PUBLISHED

---

CVE-2021-27416 Description

An attacker could exploit this vulnerability in Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 by tricking a user to click on a link containing malicious code that would then be run by the web browser. This can result in the compromise of confidential information, or even the takeover of the user’s session.

Metrics

CVSS Version: 3.1 | Base Score: 5.5 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* LOW
    User Interaction (UI)* REQUIRED
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* LOW
    Integrity Impact (I)* LOW
    Availability Impact (A)* LOW

Weakness Enumeration (CWE)

CWE-ID: CWE-79
CWE Name: CWE-79 Cross-site Scripting (XSS)
Source: Hitachi ABB Power Grids

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).