Lucene search

IcscertCVELIST:CVE-2020-14502

HistoryFeb 24, 2022 - 6:26 p.m.

CVE-2020-14502

2022-02-2418:26:57

CWE-79

icscert

www.cve.org

web interface

1734-aentr

stored xss

remote attacker

unauthenticated

malicious script

string values

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

24.0%

JSON

The web interface of the 1734-AENTR communication module is vulnerable to stored XSS. A remote, unauthenticated attacker could store a malicious script within the web interface that, when executed, could modify some string values on the homepage of the web interface.

CNA Affected

[
  {
    "product": "1734-AENTR",
    "vendor": "Rockwell Automation",
    "versions": [
      {
        "status": "affected",
        "version": "Series B 4.001 to 4.005, and 5.011 to 5.017"
      },
      {
        "status": "affected",
        "version": "Series C 6.011 and 6.012"
      }
    ]
  }
]

References

www.cisa.gov/uscert/ics/advisories/icsa-21-063-01