PT-2021-2366 · Hitachi ABB Power Grids · Ellipse Enterprise Asset Management

Published: 2021-03-03 · Updated: 2023-05-16 · CVE-2021-27414

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25

Description

The issue exists due to inadequate protection of the web page structure, allowing a remote attacker to exploit it and potentially tamper with page content. An attacker could trick a user into visiting a malicious website posing as a login page for the Ellipse application, thereby gathering authentication credentials.

Recommendations

For versions prior to and including 9.0.25, update to a version later than 9.0.25 to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable login pages until a patch is available. Avoid using unverified or suspicious links to access the Ellipse application; instead, use trusted bookmarks or navigate to the application through official channels.

Fix

XSS

Clickjacking

UI Misrepresentation of Critical Information

Weakness Enumeration

Related Identifiers

BDU:2021-01606
CVE-2021-27414

Affected Products

Ellipse Enterprise Asset Management