CVE-2020-7481 — MEDIUM (6.1)

Vulnerability Description

A CWE-79:Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists Andover Continuum (All versions), which could enable a successful Cross-site Scripting (XSS attack) when using the products' web server.

CVSS Score

6.1

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Schneider-Electric	Andover Continuum 9680 Firmware	All versions
Schneider-Electric	Andover Continuum 9680	-
Schneider-Electric	Andover Continuum 5740 Firmware	All versions
Schneider-Electric	Andover Continuum 5740	-
Schneider-Electric	Andover Continuum 5720 Firmware	All versions
Schneider-Electric	Andover Continuum 5720	-
Schneider-Electric	Andover Continuum Bcx4040 Firmware	All versions
Schneider-Electric	Andover Continuum Bcx4040	-
Schneider-Electric	Andover Continuum Bcx9640 Firmware	All versions
Schneider-Electric	Andover Continuum Bcx9640	-
Schneider-Electric	Andover Continuum 9900 Firmware	All versions
Schneider-Electric	Andover Continuum 9900	-
Schneider-Electric	Andover Continuum 9940 Firmware	All versions
Schneider-Electric	Andover Continuum 9940	-
Schneider-Electric	Andover Continuum 9941 Firmware	All versions
Schneider-Electric	Andover Continuum 9941	-
Schneider-Electric	Andover Continuum 9924 Firmware	All versions
Schneider-Electric	Andover Continuum 9924	-
Schneider-Electric	Andover Continuum 9702 Firmware	All versions
Schneider-Electric	Andover Continuum 9702	-

Related Weaknesses (CWE)

CWE-79

References

https://www.se.com/ww/en/download/document/SEVD-2020-070-04/Vendor Advisory
https://www.se.com/ww/en/download/document/SEVD-2020-070-04/Vendor Advisory

FAQ

What is CVE-2020-7481?

CVE-2020-7481 is a vulnerability with a CVSS score of 6.1 (MEDIUM). A CWE-79:Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists Andover Continuum (All versions), which could enable a successful Cross-site Scriptin...

How severe is CVE-2020-7481?

CVE-2020-7481 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-7481?

Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Andover Continuum 9680 Firmware, Schneider-Electric Andover Continuum 9680, Schneider-Electric Andover Continuum 5740 Firmware, Schneider-Electric Andover Continuum 5740, Schneider-Electric Andover Continuum 5720 Firmware.