The web interface of the 1734-AENTR communication module is vulnerable to stored XSS. A remote, unauthenticated attacker could store a malicious script within the web interface that, when executed, could modify some string values on the homepage of the web interface.
[
{
"product": "1734-AENTR",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "Series B 4.001 to 4.005, and 5.011 to 5.017"
},
{
"status": "affected",
"version": "Series C 6.011 and 6.012"
}
]
}
]