CVE-2021-40337 - OpenCVE

Cross-site Scripting (XSS) vulnerability in Hitachi Energy LinkOne allows an attacker that manages to exploit the vulnerability can take advantage to exploit multiple web attacks and stole sensitive information. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24; 3.25; 3.26.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:S/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hitachi	Linkone

Configuration 1 [-]

OR	cpe:2.3:a:hitachi:linkone:3.20:::::::*
	cpe:2.3:a:hitachi:linkone:3.22:::::::*
	cpe:2.3:a:hitachi:linkone:3.23:::::::*
	cpe:2.3:a:hitachi:linkone:3.24:::::::*
	cpe:2.3:a:hitachi:linkone:3.25:::::::*
	cpe:2.3:a:hitachi:linkone:3.26:::::::*

No data.

References

Link	Providers
https://search.abb.com/library/Download.aspx?DocumentID=8DBD000079&LanguageCode=en&DocumentPartId=&Action=Launch

History

No history.

MITRE

Status: PUBLISHED

Assigner: Hitachi Energy

Published: 2022-01-25T19:11:15.088680Z

Updated: 2024-09-16T22:08:41.501Z

Reserved: 2021-08-31T00:00:00

Link: CVE-2021-40337

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-01-25T20:15:08.403

Modified: 2022-01-31T20:44:02.860

Link: CVE-2021-40337

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "LinkOne", "vendor": "Hitachi Energy", "versions": [{"status": "affected", "version": "3.20"}, {"status": "affected", "version": "3.22"}, {"status": "affected", "version": "3.23"}, {"status": "affected", "version": "3.24"}, {"status": "affected", "version": "3.25"}, {"status": "affected", "version": "3.26"}]}], "credits": [{"lang": "en", "value": "Hitachi Energy thanks the following for working with us to help protect our customers: Compa\u00f1\u00eda Minera Do\u00f1a In\u00e9s de Collahuasi SCM."}], "datePublic": "2021-12-23T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site Scripting (XSS) vulnerability in Hitachi Energy LinkOne allows an attacker that manages to exploit the vulnerability can take advantage to exploit multiple web attacks and stole sensitive information. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24; 3.25; 3.26."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Cross-site Scripting (XSS)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-01-25T19:11:15", "orgId": "e383dce4-0c27-4495-91c4-0db157728d17", "shortName": "Hitachi Energy"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000079&LanguageCode=en&DocumentPartId=&Action=Launch"}], "solutions": [{"lang": "en", "value": "For each version, apply the available patch or update to version 3.27."}], "source": {"discovery": "USER"}, "title": "OWASP Related Vulnerabilities in Hitachi Energy\u2019s LinkOne Product", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cybersecurity@hitachienergy.com", "DATE_PUBLIC": "2021-12-23T17:00:00.000Z", "ID": "CVE-2021-40337", "STATE": "PUBLIC", "TITLE": "OWASP Related Vulnerabilities in Hitachi Energy\u2019s LinkOne Product"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "LinkOne", "version": {"version_data": [{"version_affected": "=", "version_name": "3.20", "version_value": "3.20"}, {"version_affected": "=", "version_name": "3.22", "version_value": "3.22"}, {"version_affected": "=", "version_name": "3.23", "version_value": "3.23"}, {"version_affected": "=", "version_name": "3.24", "version_value": "3.24"}, {"version_affected": "=", "version_name": "3.25", "version_value": "3.25"}, {"version_affected": "=", "version_name": "3.26", "version_value": "3.26"}]}}]}, "vendor_name": "Hitachi Energy"}]}}, "credit": [{"lang": "eng", "value": "Hitachi Energy thanks the following for working with us to help protect our customers: Compa\u00f1\u00eda Minera Do\u00f1a In\u00e9s de Collahuasi SCM."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site Scripting (XSS) vulnerability in Hitachi Energy LinkOne allows an attacker that manages to exploit the vulnerability can take advantage to exploit multiple web attacks and stole sensitive information. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24; 3.25; 3.26."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-79 Cross-site Scripting (XSS)"}]}]}, "references": {"reference_data": [{"name": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000079&LanguageCode=en&DocumentPartId=&Action=Launch", "refsource": "CONFIRM", "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000079&LanguageCode=en&DocumentPartId=&Action=Launch"}]}, "solution": [{"lang": "en", "value": "For each version, apply the available patch or update to version 3.27."}], "source": {"discovery": "USER"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T02:27:31.930Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000079&LanguageCode=en&DocumentPartId=&Action=Launch"}]}]}, "cveMetadata": {"assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17", "assignerShortName": "Hitachi Energy", "cveId": "CVE-2021-40337", "datePublished": "2022-01-25T19:11:15.088680Z", "dateReserved": "2021-08-31T00:00:00", "dateUpdated": "2024-09-16T22:08:41.501Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hitachi:linkone:3.20:*:*:*:*:*:*:*", "matchCriteriaId": "2A16D152-D43D-4142-9233-537641563DED", "vulnerable": true}, {"criteria": "cpe:2.3:a:hitachi:linkone:3.22:*:*:*:*:*:*:*", "matchCriteriaId": "5CAD5EC3-8E95-4B92-92F8-D9D6E869736A", "vulnerable": true}, {"criteria": "cpe:2.3:a:hitachi:linkone:3.23:*:*:*:*:*:*:*", "matchCriteriaId": "74EFFBDC-AC66-41B4-B2DA-B3800FADCDDD", "vulnerable": true}, {"criteria": "cpe:2.3:a:hitachi:linkone:3.24:*:*:*:*:*:*:*", "matchCriteriaId": "41AC7B8C-4C18-4E79-96FA-E52FF81377E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:hitachi:linkone:3.25:*:*:*:*:*:*:*", "matchCriteriaId": "8AA20569-CB37-404F-B459-2C5CD4C3C44D", "vulnerable": true}, {"criteria": "cpe:2.3:a:hitachi:linkone:3.26:*:*:*:*:*:*:*", "matchCriteriaId": "B91F1986-443B-4802-8D20-FFD8B7FE7322", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site Scripting (XSS) vulnerability in Hitachi Energy LinkOne allows an attacker that manages to exploit the vulnerability can take advantage to exploit multiple web attacks and stole sensitive information. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24; 3.25; 3.26."}, {"lang": "es", "value": "Una vulnerabilidad de tipo Cross-site Scripting (XSS) en Hitachi Energy LinkOne permite a un atacante que consiga explotar la vulnerabilidad pueda aprovechar para realizar m\u00faltiples ataques web y robar informaci\u00f3n confidencial. Este problema afecta a: Hitachi Energy LinkOne versiones 3.20; 3.22; 3.23; 3.24; 3.25; 3.26"}], "id": "CVE-2021-40337", "lastModified": "2022-01-31T20:44:02.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 2.5, "source": "cybersecurity@hitachienergy.com", "type": "Secondary"}]}, "published": "2022-01-25T20:15:08.403", "references": [{"source": "cybersecurity@hitachienergy.com", "tags": ["Vendor Advisory"], "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000079&LanguageCode=en&DocumentPartId=&Action=Launch"}], "sourceIdentifier": "cybersecurity@hitachienergy.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "cybersecurity@hitachienergy.com", "type": "Secondary"}]}