Lucene search

[email protected]CVE-2020-14504

HistoryFeb 24, 2022 - 7:15 p.m.

CVE-2020-14504

2022-02-2419:15:00

CWE-287

[email protected]

web.nvd.nist.gov

cve-2020-14504

nvd

authentication

http post

remote attacker

configuration settings

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

6.4 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

37.8%

JSON

The web interface of the 1734-AENTR communication module mishandles authentication for HTTP POST requests. A remote, unauthenticated attacker can send a crafted request that may allow for modification of the configuration settings.

CPENameOperatorVersion
rockwellautomation:1734-aentr_point_i\/o_dual_port_network_adaptor_series_b_firmwarerockwellautomation 1734-aentr point i\/o dual port network adaptor series b firmwarele4.005
rockwellautomation:1734-aentr_point_i\/o_dual_port_network_adaptor_series_b_firmwarerockwellautomation 1734-aentr point i\/o dual port network adaptor series b firmwarele5.017
rockwellautomation:1734-aentr_point_i\/o_dual_port_network_adaptor_series_c_firmwarerockwellautomation 1734-aentr point i\/o dual port network adaptor series c firmwareeq6.011
rockwellautomation:1734-aentr_point_i\/o_dual_port_network_adaptor_series_c_firmwarerockwellautomation 1734-aentr point i\/o dual port network adaptor series c firmwareeq6.012

CPE	Name	Operator	Version
rockwellautomation:1734-aentr_point_i\/o_dual_port_network_adaptor_series_b_firmware	rockwellautomation 1734-aentr point i\/o dual port network adaptor series b firmware	le	4.005
rockwellautomation:1734-aentr_point_i\/o_dual_port_network_adaptor_series_b_firmware	rockwellautomation 1734-aentr point i\/o dual port network adaptor series b firmware	le	5.017
rockwellautomation:1734-aentr_point_i\/o_dual_port_network_adaptor_series_c_firmware	rockwellautomation 1734-aentr point i\/o dual port network adaptor series c firmware	eq	6.011
rockwellautomation:1734-aentr_point_i\/o_dual_port_network_adaptor_series_c_firmware	rockwellautomation 1734-aentr point i\/o dual port network adaptor series c firmware	eq	6.012

References

www.cisa.gov/uscert/ics/advisories/icsa-21-063-01

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

6.4 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

37.8%

JSON

Related for CVE-2020-14504

nessus1 cvelist1 prion1 ics1