PT-2021-2355 · Hitachi ABB Power Grids · Hitachi ABB Power Grids Ellipse Enterprise Asset Management

Published: 2021-03-03 · Updated: 2023-05-16 · CVE-2021-27416

CVSS v2.0: 5.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25

Description

The issue arises from the lack of protection for the web page structure, allowing an attacker to exploit this weakness by tricking a user into clicking on a malicious link. This can lead to the compromise of confidential information or the takeover of the user's session. The vulnerability can be exploited by a remote attacker using cross-site scripting attacks.

Recommendations

For versions prior to and including 9.0.25, update to a version later than 9.0.25 to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable web pages or links to minimize the risk of exploitation. Avoid using links from untrusted sources, and ensure that users are cautious when clicking on links from unknown senders.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2021-01593
CVE-2021-27416

Affected Products

Hitachi ABB Power Grids Ellipse Enterprise Asset Management