CVE-2020-14504

2021-03-0400:00:00

CWE-284

icscert

www.cve.org

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.2%

JSON

The web interface of the 1734-AENTR communication module mishandles authentication for HTTP POST requests. A remote, unauthenticated attacker can send a crafted request that may allow for modification of the configuration settings.

CNA Affected

[
  {
    "product": "1734-AENTR",
    "vendor": "Rockwell Automation",
    "versions": [
      {
        "status": "affected",
        "version": "Series B 4.001 to 4.005, and 5.011 to 5.017"
      },
      {
        "status": "affected",
        "version": "Series C 6.011 and 6.012"
      }
    ]
  }
]

References

www.cisa.gov/uscert/ics/advisories/icsa-21-063-01