PT-2022-5005 · Hitachi Energy · Hitachi Energy Msm

Published

2022-07-25

·

Updated

2023-04-19

·

CVE-2021-40335

CVSS v2.0

10

High

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Hitachi Energy MSM versions V2.2 and prior
Description: A vulnerability exists in the HTTP web interface, which does not sufficiently verify that a well-formed, valid, consistent request was intentionally submitted by the user whose session it arrives under. This is a Cross-Site Request Forgery (CSRF, CWE-352): the browser automatically attaches the user's session cookie to any request aimed at the MSM web interface, so a request triggered from a page controlled by an attacker is processed as if the legitimate user had made it. An attacker can therefore execute state-changing commands on MSM through its web server interface by inducing an MSM user who already has an established session to click a forged link or visit a page that submits a forged request to the MSM web interface; the user is not asked to confirm and does not see the operation being performed.
Recommendations: For Hitachi Energy MSM versions V2.2 and prior, implement additional validation of state-changing requests to prevent CSRF, such as verifying the Origin (or, failing that, Referer) header of each request against the interface's own origin, or requiring an unpredictable per-session token that a cross-site page cannot read and must echo back with every request. Both checks should apply to every operation that changes state, and such operations should not be reachable through plain GET links. As a temporary workaround, restrict network access to the web interface (for example to a management network or specific client hosts) to minimize the risk of exploitation.
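The two countermeasures named above, as an added illustration that is not Hitachi Energy code and does not describe how MSM itself is implemented: a server-side check that rejects state-changing requests unless both the Origin/Referer header matches the interface's own origin and a per-session synchronizer token is echoed back in the form body. The origin `https://msm.example.internal`, the endpoint paths and the `Request`/`Session` types are assumptions made for the example; the forged requests in the demo are constructed, not captured traffic.

```python
"""CSRF defences for a session-based web interface: Origin/Referer verification
plus a synchronizer token. Added example only; the origin, paths and request
model below are assumptions, not details of the Hitachi Energy MSM product."""
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Assumption: the legitimate interface is served from exactly this origin.
ALLOWED_ORIGIN = "https://msm.example.internal"
# Methods that must never change state, and so need no CSRF protection.
SAFE_METHODS = frozenset({"GET", "HEAD", "OPTIONS"})
# Assumed endpoints that change state; a forged GET link to one of these is
# exactly the attack described in the advisory, so GET is refused here.
STATE_CHANGING_PATHS = frozenset({"/config/apply", "/user/add"})
TOKEN_FIELD = "csrf_token"


@dataclass
class Session:
    user: str
    # Unpredictable token bound to the session; a cross-site page cannot read it.
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


@dataclass
class Request:
    method: str
    path: str
    headers: dict = field(default_factory=dict)  # header names lower-cased
    form: dict = field(default_factory=dict)


def origin_of(url: str):
    """Reduce a URL (e.g. a Referer) to its scheme://host[:port] origin."""
    parts = urlsplit(url)
    if not parts.scheme or not parts.netloc:
        return None
    return f"{parts.scheme}://{parts.netloc}".lower()


def check_csrf(req: Request, session: Session):
    """Return (accepted, reason) for a request arriving under `session`."""
    method = req.method.upper()
    if method in SAFE_METHODS:
        # A state-changing operation reachable by GET is forgeable with a link.
        if req.path in STATE_CHANGING_PATHS:
            return False, "state-changing endpoint must not accept " + method
        return True, "safe method"

    # Check 1: the request must originate from our own page. Prefer Origin,
    # fall back to Referer, and reject if neither is present.
    origin = req.headers.get("origin")
    if origin is None and "referer" in req.headers:
        origin = origin_of(req.headers["referer"])
    if origin is None:
        return False, "no Origin or Referer on state-changing request"
    if origin.lower() != ALLOWED_ORIGIN:  # also rejects the literal "null"
        return False, f"cross-origin request from {origin}"

    # Check 2: the per-session token must be echoed back; compare in constant
    # time so the token cannot be recovered byte by byte via timing.
    token = req.form.get(TOKEN_FIELD)
    if not isinstance(token, str) or not hmac.compare_digest(
        token.encode(), session.csrf_token.encode()
    ):
        return False, "missing or invalid CSRF token"
    return True, "ok"


def demo():
    """Run constructed requests through the check; returns the decisions."""
    s = Session(user="operator")
    cases = {
        # The advisory's scenario: victim clicks a forged link on attacker's page.
        "forged GET link": Request("GET", "/config/apply",
                                   {"referer": "https://attacker.example/x.html"}),
        # Auto-submitted cross-site form: cookie is sent, but Origin gives it away.
        "forged POST form": Request("POST", "/config/apply",
                                    {"origin": "https://attacker.example"},
                                    {TOKEN_FIELD: "guess"}),
        # Correct origin but the attacker cannot know the token.
        "same-origin, no token": Request("POST", "/config/apply",
                                         {"origin": ALLOWED_ORIGIN}),
        # Legitimate submission from the real page.
        "legitimate POST": Request("POST", "/config/apply",
                                   {"origin": ALLOWED_ORIGIN},
                                   {TOKEN_FIELD: s.csrf_token}),
        "read-only GET": Request("GET", "/status"),
    }
    return {name: check_csrf(r, s) for name, r in cases.items()}


if __name__ == "__main__":
    for name, (ok, why) in demo().items():
        print(f"{'ACCEPT' if ok else 'REJECT':6} {name}: {why}")
```

Only the legitimate submission and the read-only GET are accepted; the forged link, the cross-site form and the same-origin request without a token are all refused, each for a different reason. The Origin check alone stops most browsers' cross-site requests, while the token check covers clients that omit both headers or sit behind a proxy that strips them; deploying both is the standard defence in depth against CWE-352.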

Fix

Weakness Enumeration

CSRF

Related Identifiers

BDU:2022-06218
CVE-2021-40335

Affected Products

Hitachi Energy Msm