Lucene search

K
cvelistIcscertCVELIST:CVE-2020-14504
HistoryMar 04, 2021 - 12:00 a.m.

CVE-2020-14504

2021-03-0400:00:00
CWE-284
icscert
www.cve.org

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.1%

The web interface of the 1734-AENTR communication module mishandles authentication for HTTP POST requests. A remote, unauthenticated attacker can send a crafted request that may allow for modification of the configuration settings.

CNA Affected

[
  {
    "product": "1734-AENTR",
    "vendor": "Rockwell Automation",
    "versions": [
      {
        "status": "affected",
        "version": "Series B 4.001 to 4.005, and 5.011 to 5.017"
      },
      {
        "status": "affected",
        "version": "Series C 6.011 and 6.012"
      }
    ]
  }
]

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.1%

Related for CVELIST:CVE-2020-14504