Vulnerability Description
The web interface of the 1734-AENTR communication module is vulnerable to stored XSS. A remote, unauthenticated attacker could store a malicious script within the web interface that, when executed, could modify some string values on the homepage of the web interface.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Rockwellautomation | 1734-Aentr Point I\/O Dual Port Network Adaptor Series B Firmware | >= 4.001, <= 4.005 |
| Rockwellautomation | 1734-Aentr Point I\/O Dual Port Network Adaptor Series B | - |
| Rockwellautomation | 1734-Aentr Point I\/O Dual Port Network Adaptor Series C Firmware | 6.011 |
| Rockwellautomation | 1734-Aentr Point I\/O Dual Port Network Adaptor Series C | - |
Related Weaknesses (CWE)
References
- https://www.cisa.gov/uscert/ics/advisories/icsa-21-063-01MitigationThird Party AdvisoryUS Government Resource
- https://www.cisa.gov/uscert/ics/advisories/icsa-21-063-01MitigationThird Party AdvisoryUS Government Resource
FAQ
What is CVE-2020-14502?
CVE-2020-14502 is a vulnerability with a CVSS score of 6.1 (MEDIUM). The web interface of the 1734-AENTR communication module is vulnerable to stored XSS. A remote, unauthenticated attacker could store a malicious script within the web interface that, when executed, co...
How severe is CVE-2020-14502?
CVE-2020-14502 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-14502?
Check the references section above for vendor advisories and patch information. Affected products include: Rockwellautomation 1734-Aentr Point I\/O Dual Port Network Adaptor Series B Firmware, Rockwellautomation 1734-Aentr Point I\/O Dual Port Network Adaptor Series B, Rockwellautomation 1734-Aentr Point I\/O Dual Port Network Adaptor Series C Firmware, Rockwellautomation 1734-Aentr Point I\/O Dual Port Network Adaptor Series C.