CVE-2020-14502

The web interface of the 1734-AENTR communication module is vulnerable to stored XSS. A remote, unauthenticated attacker could store a malicious script within the web interface that, when executed, could modify some string values on the homepage of the web interface.
References
Link Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-21-063-01 Mitigation Third Party Advisory US Government Resource
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:rockwellautomation:1734-aentr_point_i\/o_dual_port_network_adaptor_series_b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:1734-aentr_point_i\/o_dual_port_network_adaptor_series_b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:1734-aentr_point_i\/o_dual_port_network_adaptor_series_b:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:o:rockwellautomation:1734-aentr_point_i\/o_dual_port_network_adaptor_series_c_firmware:6.011:*:*:*:*:*:*:*
cpe:2.3:o:rockwellautomation:1734-aentr_point_i\/o_dual_port_network_adaptor_series_c_firmware:6.012:*:*:*:*:*:*:*
cpe:2.3:h:rockwellautomation:1734-aentr_point_i\/o_dual_port_network_adaptor_series_c:-:*:*:*:*:*:*:*

Information

Published : 2022-02-24 11:15

Updated : 2022-03-07 09:57


NVD link : CVE-2020-14502

Mitre link : CVE-2020-14502


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

rockwellautomation

  • 1734-aentr_point_i\/o_dual_port_network_adaptor_series_c
  • 1734-aentr_point_i\/o_dual_port_network_adaptor_series_b
  • 1734-aentr_point_i\/o_dual_port_network_adaptor_series_c_firmware
  • 1734-aentr_point_i\/o_dual_port_network_adaptor_series_b_firmware