Description
An attacker could exploit this vulnerability in Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 by tricking a user to click on a link containing malicious code that would then be run by the web browser. This can result in the compromise of confidential information, or even the takeover of the user’s session.
References
https://www.cisa.gov/uscert/ics/advisories/icsa-21-061-01
Third Party AdvisoryUS Government Resource
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
5.4 · Medium
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
Vulnerability status
Analyzed
Published
2022-03-11T18:15:12.993
3 years agoLast modified
2023-05-16T20:16:56.977
2 years ago