ID

VAR-202103-1587


CVE

CVE-2021-27416


TITLE

Ellipse Enterprise Asset Management Cross-site scripting vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202103-227

DESCRIPTION

An attacker could exploit this vulnerability in Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 by tricking a user into clicking on a link containing malicious code that would then be run by the web browser. This can result in the compromise of confidential information, or even the takeover of the user’s session. Ellipse Enterprise Asset Management (Ellipse EAM) is a business process management software provided by Ellipse Industrial Equipment in the UK.

Trust: 0.99

sources: NVD: CVE-2021-27416 // VULHUB: VHN-386683

AFFECTED PRODUCTS

vendor: hitachienergy, model: ellipse enterprise asset management, scope: lt, version: 9.0.26

Trust: 1.0

sources: NVD: CVE-2021-27416

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-27416
value: MEDIUM

Trust: 1.0

ics-cert@hq.dhs.gov: CVE-2021-27416
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202103-227
value: MEDIUM

Trust: 0.6

VULHUB: VHN-386683
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-27416
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-386683
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-27416
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.5
version: 3.1

Trust: 1.0

ics-cert@hq.dhs.gov: CVE-2021-27416
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.1
impactScore: 3.4
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-386683 // CNNVD: CNNVD-202103-227 // NVD: CVE-2021-27416 // NVD: CVE-2021-27416

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.1

sources: VULHUB: VHN-386683 // NVD: CVE-2021-27416

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202103-227

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202103-227

PATCH

title: Ellipse Enterprise Asset Management Fixes for cross-site scripting vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=143693

Trust: 0.6

sources: CNNVD: CNNVD-202103-227

EXTERNAL IDS

db: ICS CERT, id: ICSA-21-061-01

Trust: 1.7

db: NVD, id: CVE-2021-27416

Trust: 1.7

db: CNNVD, id: CNNVD-202103-227

Trust: 0.7

db: AUSCERT, id: ESB-2021.0783

Trust: 0.6

db: VULHUB, id: VHN-386683

Trust: 0.1

sources: VULHUB: VHN-386683 // CNNVD: CNNVD-202103-227 // NVD: CVE-2021-27416

REFERENCES

url:https://www.cisa.gov/uscert/ics/advisories/icsa-21-061-01

Trust: 1.7

url:https://search.abb.com/library/download.aspx?documentid=9akk107991a7777&languagecode=en&documentpartid=&action=launch

Trust: 1.6

url:https://www.auscert.org.au/bulletins/esb-2021.0783

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2021-27416/

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-061-01

Trust: 0.6

url:https://search.abb.com/library/download.aspx?documentid=9akk107991a7777&languagecode=en&documentpartid=&action=launch

Trust: 0.1

sources: VULHUB: VHN-386683 // CNNVD: CNNVD-202103-227 // NVD: CVE-2021-27416

SOURCES

db: VULHUB, id: VHN-386683
db: CNNVD, id: CNNVD-202103-227
db: NVD, id: CVE-2021-27416

LAST UPDATE DATE

2024-08-14T14:55:58.789000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-386683, date: 2022-03-18T00:00:00
db: CNNVD, id: CNNVD-202103-227, date: 2023-05-17T00:00:00
db: NVD, id: CVE-2021-27416, date: 2023-05-16T20:16:56.977

SOURCES RELEASE DATE

db: VULHUB, id: VHN-386683, date: 2022-03-11T00:00:00
db: CNNVD, id: CNNVD-202103-227, date: 2021-03-02T00:00:00
db: NVD, id: CVE-2021-27416, date: 2022-03-11T18:15:12.993