CVE-2020-14502

{"id": "CVE-2020-14502", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2022-02-24T19:15:08.900", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-063-01", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "The web interface of the 1734-AENTR communication module is vulnerable to stored XSS. A remote, unauthenticated attacker could store a malicious script within the web interface that, when executed, could modify some string values on the homepage of the web interface."}, {"lang": "es", "value": "La interfaz web del m\u00f3dulo de comunicaci\u00f3n 1734-AENTR es vulnerable a un ataque de tipo XSS almacenado. Un atacante remoto no autenticado podr\u00eda almacenar un script malicioso dentro de la interfaz web que, cuando sea ejecutado, podr\u00eda modificar algunos valores de cadena en la p\u00e1gina de inicio de la interfaz web"}], "lastModified": "2022-03-07T17:57:05.540", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:1734-aentr_point_i\\/o_dual_port_network_adaptor_series_b:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EAD4BA02-28F4-4138-9E52-C12042DD997C"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:rockwellautomation:1734-aentr_point_i\\/o_dual_port_network_adaptor_series_b_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC7EE03C-DA81-40CC-B522-8483E5481DCB", "versionEndIncluding": "4.005", "versionStartIncluding": "4.001"}, {"criteria": "cpe:2.3:o:rockwellautomation:1734-aentr_point_i\\/o_dual_port_network_adaptor_series_b_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "593FCDBB-E5D0-4E57-B10C-3FA3C72CDD75", "versionEndIncluding": "5.017", "versionStartIncluding": "5.011"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:1734-aentr_point_i\\/o_dual_port_network_adaptor_series_c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "490F9ECB-1303-4457-9D20-8ADAC160AF6C"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:rockwellautomation:1734-aentr_point_i\\/o_dual_port_network_adaptor_series_c_firmware:6.011:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B44E467A-31EE-46BE-82AA-101C7C2EDC7A"}, {"criteria": "cpe:2.3:o:rockwellautomation:1734-aentr_point_i\\/o_dual_port_network_adaptor_series_c_firmware:6.012:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46D0F84C-6F68-4E2D-99AF-FA9E0682A24C"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}