The web interface of the 1734-AENTR communication module mishandles authentication for HTTP POST requests. A remote, unauthenticated attacker can send a crafted request that may allow for modification of the configuration settings.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.cisa.gov/uscert/ics/advisories/icsa-21-063-01 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: icscert
Published: 2022-02-24T18:26:56.514398Z
Updated: 2024-09-17T04:14:38.489Z
Reserved: 2020-06-19T00:00:00
Link: CVE-2020-14504
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-02-24T19:15:08.943
Modified: 2024-11-21T05:03:24.840
Link: CVE-2020-14504
Redhat
No data.