Vulnerabilities > Hitachienergy > Ellipse Enterprise Asset Management > Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2022-03-11	CVE-2021-27414	Improper Restriction of Rendered UI Layers or Frames vulnerability in Hitachienergy Ellipse Enterprise Asset Management An attacker could trick a user of Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 into visiting a malicious website posing as a login page for the Ellipse application and gather authentication credentials. network low complexity hitachienergy CWE-1021	6.1
2022-03-11	CVE-2021-27416	Cross-site Scripting vulnerability in Hitachienergy Ellipse Enterprise Asset Management An attacker could exploit this vulnerability in Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 by tricking a user to click on a link containing malicious code that would then be run by the web browser. network low complexity hitachienergy CWE-79	5.4

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.