An attacker could exploit this vulnerability in Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 by tricking a user to click on a link containing malicious code that would then be run by the web browser. This can result in the compromise of confidential information, or even the takeover of the user’s session.
Un atacante podría explotar esta vulnerabilidad en Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versiones anteriores a 9.0.25, incluyéndola, al engañar a un usuario para que haga clic en un enlace que contenga código malicioso que será ejecutado por el navegador web. Esto puede resultar en el compromiso de información confidencial, o incluso la toma de la sesión del usuario
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
| Attack Vector | NETWORK |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | REQUIRED |
| Scope | UNCHANGED |
| Confidentiality Impact | LOW |
| Integrity Impact | LOW |
| Availability Impact | NONE |
AV:N/AC:M/Au:N/C:P/I:P/A:N
| Access Vector | NETWORK |
|---|---|
| Access Complexity | MEDIUM |
| Authentication | NONE |
| Confidentiality Impact | PARTIAL |
| Integrity Impact | PARTIAL |
| Availability Impact | NONE |
| Source | Type | Description |
|---|---|---|
| [email protected] | Secondary |
en
CWE-79
|
| [email protected] | Primary |
en
CWE-79
|
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| hitachienergy | ellipse_enterprise_asset_management | * | <built-in method update of dict object at 0x72a9994a9140> | Application |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:hitachienergy:ellipse_enterprise_asset_management:*:*:*:*:*:*:*:* |