CVE-2021-40336

A vulnerability exists in the HTTP web interface, which does not validate data in an HTTP header. This makes HTTP response splitting possible, which, if exploited, could allow an attacker to deliver harmful code into the user's web browser, for example to steal the session cookies. Thus, an attacker who gets an MSM user who has already established a session to the MSM web interface to click a forged link to the MSM web interface (e.g., a link sent by e-mail) could trick the user into downloading malicious software onto their computer. This issue affects: Hitachi Energy MSM V2.2 and prior versions.
Configurations

Configuration 1

AND
cpe:2.3:o:hitachienergy:modular_switchgear_monitoring_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hitachienergy:modular_switchgear_monitoring:-:*:*:*:*:*:*:*

History

21 Nov 2024, 06:23

| Type | Values Removed | Values Added |
|---|---|---|
| References | https://search.abb.com/library/Download.aspx?DocumentID=8DBD000085&LanguageCode=en&DocumentPartId=&Action=Launch - Vendor Advisory | https://search.abb.com/library/Download.aspx?DocumentID=8DBD000085&LanguageCode=en&DocumentPartId=&Action=Launch - Vendor Advisory |
| CVSS | v2 : unknown; v3 : 8.8 | v2 : unknown; v3 : 5.0 |

26 Jun 2023, 17:49

| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-352 | CWE-74 |

Information

Published : 2022-07-25 15:15

Updated : 2024-11-21 06:23


NVD link : CVE-2021-40336

Mitre link : CVE-2021-40336

CVE.ORG link : CVE-2021-40336



Products Affected

hitachienergy

  • modular_switchgear_monitoring
  • modular_switchgear_monitoring_firmware
CWE
CWE-113

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')