{"containers": {"cna": {"affected": [{"product": "1734-AENTR", "vendor": "Rockwell Automation", "versions": [{"status": "affected", "version": "Series B 4.001 to 4.005, and 5.011 to 5.017"}, {"status": "affected", "version": "Series C 6.011 and 6.012"}]}], "datePublic": "2021-03-04T00:00:00", "descriptions": [{"lang": "en", "value": "The web interface of the 1734-AENTR communication module is vulnerable to stored XSS. A remote, unauthenticated attacker could store a malicious script within the web interface that, when executed, could modify some string values on the homepage of the web interface."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Cross-site Scripting (XSS)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-02-24T18:26:57", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-063-01"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2021-03-04T17:00:00.000Z", "ID": "CVE-2020-14502", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "1734-AENTR", "version": {"version_data": [{"version_affected": "=", "version_name": "Series B", "version_value": "4.001 to 4.005, and 5.011 to 5.017"}, {"version_affected": "=", "version_name": "Series C", "version_value": "6.011 and 6.012"}]}}]}, "vendor_name": "Rockwell Automation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The web interface of the 1734-AENTR communication module is vulnerable to stored XSS. A remote, unauthenticated attacker could store a malicious script within the web interface that, when executed, could modify some string values on the homepage of the web interface."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-79 Cross-site Scripting (XSS)"}]}]}, "references": {"reference_data": [{"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-063-01", "refsource": "MISC", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-063-01"}]}, "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T12:46:34.804Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-063-01"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2020-14502", "datePublished": "2022-02-24T18:26:57.475019Z", "dateReserved": "2020-06-19T00:00:00", "dateUpdated": "2024-09-17T00:11:43.409Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:1734-aentr_point_i\\/o_dual_port_network_adaptor_series_b:-:*:*:*:*:*:*:*", "matchCriteriaId": "EAD4BA02-28F4-4138-9E52-C12042DD997C", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:rockwellautomation:1734-aentr_point_i\\/o_dual_port_network_adaptor_series_b_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC7EE03C-DA81-40CC-B522-8483E5481DCB", "versionEndIncluding": "4.005", "versionStartIncluding": "4.001", "vulnerable": true}, {"criteria": "cpe:2.3:o:rockwellautomation:1734-aentr_point_i\\/o_dual_port_network_adaptor_series_b_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "593FCDBB-E5D0-4E57-B10C-3FA3C72CDD75", "versionEndIncluding": "5.017", "versionStartIncluding": "5.011", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:1734-aentr_point_i\\/o_dual_port_network_adaptor_series_c:-:*:*:*:*:*:*:*", "matchCriteriaId": "490F9ECB-1303-4457-9D20-8ADAC160AF6C", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:rockwellautomation:1734-aentr_point_i\\/o_dual_port_network_adaptor_series_c_firmware:6.011:*:*:*:*:*:*:*", "matchCriteriaId": "B44E467A-31EE-46BE-82AA-101C7C2EDC7A", "vulnerable": true}, {"criteria": "cpe:2.3:o:rockwellautomation:1734-aentr_point_i\\/o_dual_port_network_adaptor_series_c_firmware:6.012:*:*:*:*:*:*:*", "matchCriteriaId": "46D0F84C-6F68-4E2D-99AF-FA9E0682A24C", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The web interface of the 1734-AENTR communication module is vulnerable to stored XSS. A remote, unauthenticated attacker could store a malicious script within the web interface that, when executed, could modify some string values on the homepage of the web interface."}, {"lang": "es", "value": "La interfaz web del m\u00f3dulo de comunicaci\u00f3n 1734-AENTR es vulnerable a un ataque de tipo XSS almacenado. Un atacante remoto no autenticado podr\u00eda almacenar un script malicioso dentro de la interfaz web que, cuando sea ejecutado, podr\u00eda modificar algunos valores de cadena en la p\u00e1gina de inicio de la interfaz web"}], "id": "CVE-2020-14502", "lastModified": "2022-03-07T17:57:05.540", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-02-24T19:15:08.900", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-063-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}

{}