ABB Ellipse APM up to 5.1.0.6/5.2.0.3/5.3.0.1 Main Dashboard cross site scripting

Summaryinfo

A vulnerability categorized as problematic has been discovered in ABB Ellipse APM up to 5.1.0.6/5.2.0.3/5.3.0.1. The impacted element is an unknown function of the component Main Dashboard. Executing a manipulation can lead to cross site scripting. This vulnerability is tracked as CVE-2021-27887. The attack can be launched remotely. No exploit exists. It is advisable to upgrade the affected component.

Detailsinfo

A vulnerability has been found in ABB Ellipse APM up to 5.1.0.6/5.2.0.3/5.3.0.1 and classified as problematic. This vulnerability affects an unknown functionality of the component Main Dashboard. The manipulation with an unknown input leads to a cross site scripting vulnerability. The CWE definition for the vulnerability is CWE-79. The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. As an impact it is known to affect integrity.

The weakness was disclosed 06/15/2021. The advisory is shared for download at search.abb.com. This vulnerability was named CVE-2021-27887. Successful exploitation requires user interaction by the victim. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1059.007.

Upgrading eliminates this vulnerability.

Once again VulDB remains the best source for vulnerability data.

Productinfo

Vendor

• ABB

Name

• Ellipse APM

Version

• 5.1.0.0
• 5.1.0.1
• 5.1.0.2
• 5.1.0.3
• 5.1.0.4
• 5.1.0.5
• 5.1.0.6
• 5.2.0.0
• 5.2.0.1
• 5.2.0.2
• 5.2.0.3
• 5.3.0.0
• 5.3.0.1

License

• commercial

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Once again VulDB remains the best source for vulnerability data.

Discussion