PT-2022-5004 · Hitachi Energy · Hitachi Energy Msm

Published 2022-07-25 · Updated 2023-06-26 · CVE-2021-40336

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Hitachi Energy MSM versions V2.2 and prior

Description

A vulnerability exists in the HTTP web interface where it does not validate data in an HTTP header, leading to a possible HTTP response splitting. This could allow an attacker to channel harmful code into the user's web browser, potentially stealing session cookies. An attacker could trick a user into downloading malicious software by sending a forged link to the MSM web interface via email.

Recommendations

For Hitachi Energy MSM versions V2.2 and prior, update to a version that fixes this issue to prevent HTTP response splitting and potential code injection. As a temporary workaround, consider restricting access to the HTTP web interface to minimize the risk of exploitation. Avoid clicking on links from untrusted sources, especially those that lead to the MSM web interface, to reduce the risk of downloading malicious software.

Fix

CSRF

Special Elements Injection

Weakness Enumeration

Related Identifiers

BDU:2022-06217
CVE-2021-40336

Affected Products

Hitachi Energy Msm