Vulnerabilities > Hitachienergy > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-03-11 | CVE-2021-27414 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Hitachienergy Ellipse Enterprise Asset Management 9.0.22. An attacker could trick a user of Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 into visiting a malicious website posing as a login page for the Ellipse application and gather authentication credentials. | 6.1 |
2022-03-11 | CVE-2021-27416 | Cross-site Scripting vulnerability in Hitachienergy Ellipse Enterprise Asset Management 9.0.22/9.0.23/9.0.25. An attacker could exploit this vulnerability in Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 by tricking a user into clicking on a link containing malicious code that would then be run by the web browser. | 5.4 |
2020-04-02 | CVE-2019-19096 | Insufficiently Protected Credentials vulnerability in Hitachienergy Esoms 6.0/6.0.2. The Redis data structure component used in ABB eSOMS versions 6.0 to 6.0.2 stores credentials in clear text. | 6.1 |
2020-04-02 | CVE-2019-19095 | Cross-site Scripting vulnerability in Hitachienergy Esoms 4.0/6.0/6.0.2. Lack of adequate input/output validation for ABB eSOMS versions 4.0 to 6.0.2 might allow an attacker to carry out attacks such as stored cross-site scripting by storing malicious content in the database. | 5.4 |
2020-04-02 | CVE-2019-19093 | Weak Password Requirements vulnerability in Hitachienergy Esoms. eSOMS versions 4.0 to 6.0.3 do not enforce password complexity settings, potentially resulting in lower access security due to insecure user passwords. | 6.5 |
2020-04-02 | CVE-2019-19091 | Information Exposure vulnerability in Hitachienergy Esoms. For ABB eSOMS versions 4.0 to 6.0.3, HTTPS responses contain comments with sensitive information about the application. | 4.3 |
2020-04-02 | CVE-2019-19089 | Interpretation Conflict vulnerability in Hitachienergy Esoms. For ABB eSOMS versions 4.0 to 6.0.3, the X-Content-Type-Options header is missing in the HTTP response, potentially causing the response body to be interpreted and displayed as a content type other than the one declared. | 6.1 |
2020-04-02 | CVE-2019-19003 | Cross-site Scripting vulnerability in Hitachienergy Esoms 4.0/6.0/6.0.2. For ABB eSOMS versions 4.0 to 6.0.2, the HTTPOnly flag is not set. | 6.1 |
2020-04-02 | CVE-2019-19002 | Cross-site Scripting vulnerability in Hitachienergy Esoms 4.0/6.0/6.0.2. For ABB eSOMS versions 4.0 to 6.0.2, the X-XSS-Protection HTTP response header is not set in responses from the web server. | 5.4 |
2020-04-02 | CVE-2019-19001 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Hitachienergy Esoms 4.0/6.0/6.0.2. For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not configured in the HTTP response. | 6.5 |