Vulnerabilities > CVE-2021-27414 - Improper Restriction of Rendered UI Layers or Frames vulnerability in Hitachienergy Ellipse Enterprise Asset Management

047910
CVSS 6.1 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
LOW
Integrity impact
LOW
Availability impact
NONE
network
low complexity
hitachienergy
CWE-1021

Summary

An attacker could trick a user of Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 into visiting a malicious website posing as a login page for the Ellipse application and gather authentication credentials.

Vulnerable Configurations

Part Description Count
Application
Hitachienergy
1