Vulnerability Description
The web interface of the 1734-AENTR communication module mishandles authentication for HTTP POST requests. A remote, unauthenticated attacker can send a crafted request that may allow for modification of the configuration settings.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Rockwellautomation | 1734-Aentr Point I\/O Dual Port Network Adaptor Series B Firmware | >= 4.001, <= 4.005 |
| Rockwellautomation | 1734-Aentr Point I\/O Dual Port Network Adaptor Series B | - |
| Rockwellautomation | 1734-Aentr Point I\/O Dual Port Network Adaptor Series C Firmware | 6.011 |
| Rockwellautomation | 1734-Aentr Point I\/O Dual Port Network Adaptor Series C | - |
Related Weaknesses (CWE)
References
- https://www.cisa.gov/uscert/ics/advisories/icsa-21-063-01MitigationThird Party AdvisoryUS Government Resource
- https://www.cisa.gov/uscert/ics/advisories/icsa-21-063-01MitigationThird Party AdvisoryUS Government Resource
FAQ
What is CVE-2020-14504?
CVE-2020-14504 is a vulnerability with a CVSS score of 5.3 (MEDIUM). The web interface of the 1734-AENTR communication module mishandles authentication for HTTP POST requests. A remote, unauthenticated attacker can send a crafted request that may allow for modification...
How severe is CVE-2020-14504?
CVE-2020-14504 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-14504?
Check the references section above for vendor advisories and patch information. Affected products include: Rockwellautomation 1734-Aentr Point I\/O Dual Port Network Adaptor Series B Firmware, Rockwellautomation 1734-Aentr Point I\/O Dual Port Network Adaptor Series B, Rockwellautomation 1734-Aentr Point I\/O Dual Port Network Adaptor Series C Firmware, Rockwellautomation 1734-Aentr Point I\/O Dual Port Network Adaptor Series C.