Vulnerabilities > Hitachienergy > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2022-03-11 | CVE-2021-27416 | Cross-site Scripting vulnerability in Hitachienergy Ellipse Enterprise Asset Management | An attacker could exploit this vulnerability in Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 by tricking a user into clicking on a link containing malicious code that would then be run by the web browser. | 5.4 |
2021-12-02 | CVE-2021-40333 | Weak Password Requirements vulnerability in Hitachienergy Fox615 Firmware and Xcm20 Firmware | Weak Password Requirements vulnerability in Hitachi Energy FOX61x, XCM20 allows an attacker to gain unauthorized access to the Data Communication Network (DCN) routing configuration. | 5.5 |
2021-12-02 | CVE-2021-40334 | Unspecified vulnerability in Hitachienergy Fox615 Firmware and Xcm20 Firmware | Missing Handler vulnerability in the proprietary management protocol (port TCP 5558) of Hitachi Energy FOX61x, XCM20 allows an attacker that exploits the vulnerability by activating SSH on port TCP 5558 to cause disruption to the NMS and NE communication. | 5.0 |
2020-04-02 | CVE-2019-19096 | Insufficiently Protected Credentials vulnerability in Hitachienergy Esoms | The Redis data structure component used in ABB eSOMS versions 6.0 to 6.0.2 stores credentials in clear text. | 6.1 |
2020-04-02 | CVE-2019-19095 | Cross-site Scripting vulnerability in Hitachienergy Esoms | Lack of adequate input/output validation for ABB eSOMS versions 4.0 to 6.0.2 might allow an attacker to carry out attacks such as stored cross-site scripting by storing malicious content in the database. | 5.4 |
2020-04-02 | CVE-2019-19093 | Weak Password Requirements vulnerability in Hitachienergy Esoms | eSOMS versions 4.0 to 6.0.3 do not enforce password complexity settings, potentially resulting in lower access security due to insecure user passwords. | 6.5 |
2020-04-02 | CVE-2019-19091 | Information Exposure vulnerability in Hitachienergy Esoms | For ABB eSOMS versions 4.0 to 6.0.3, HTTPS responses contain comments with sensitive information about the application. | 4.3 |
2020-04-02 | CVE-2019-19089 | Interpretation Conflict vulnerability in Hitachienergy Esoms | For ABB eSOMS versions 4.0 to 6.0.3, the X-Content-Type-Options header is missing in the HTTP response, potentially causing the response body to be interpreted and displayed as a content type other than the one declared. | 6.1 |
2020-04-02 | CVE-2019-19003 | Cross-site Scripting vulnerability in Hitachienergy Esoms | For ABB eSOMS versions 4.0 to 6.0.2, the HTTPOnly flag is not set. | 6.1 |
2020-04-02 | CVE-2019-19002 | Cross-site Scripting vulnerability in Hitachienergy Esoms | For ABB eSOMS versions 4.0 to 6.0.2, the X-XSS-Protection HTTP response header is not set in responses from the web server. | 5.4 |