Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for Reason S20 Ethernet Switch by General Electric

    CVE-2020-16246 (GCVE-0-2020-16246)

    Vulnerability from nvd – Published: 2020-10-20 15:00 – Updated: 2024-09-17 00:47
    VLAI
    Title
    GE Reason S20 Ethernet Switch
    Summary
    The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow attackers to trick users into following a link or navigating to a page that posts a malicious JavaScript statement to the vulnerable site, causing the malicious JavaScript to be rendered by the site and executed by the victim client.
    Severity
    No CVSS data available.
    CWE
    • CWE-79 - IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79
    Assigner
    References
    Impacted products
    Vendor Product Version
    General Electric Reason S20 Ethernet Switch Affected: S2020 , ≤ 07A06 (custom)
    Affected: S2024 , ≤ 07A06 (custom)
    Create a notification for this product.
    Date Public
    2020-09-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T13:37:54.185Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-266-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Reason S20 Ethernet Switch",
              "vendor": "General Electric",
              "versions": [
                {
                  "lessThanOrEqual": "07A06",
                  "status": "affected",
                  "version": "S2020",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "07A06",
                  "status": "affected",
                  "version": "S2024",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-09-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow attackers to trick users into following a link or navigating to a page that posts a malicious JavaScript statement to the vulnerable site, causing the malicious JavaScript to be rendered by the site and executed by the victim client."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u0027CROSS-SITE SCRIPTING\u0027) CWE-79",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-10-20T15:00:40.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-266-02"
            }
          ],
          "source": {
            "advisory": "icsa-20-266-02",
            "discovery": "UNKNOWN"
          },
          "title": "GE Reason S20 Ethernet Switch",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2020-09-22T16:00:00.000Z",
              "ID": "CVE-2020-16246",
              "STATE": "PUBLIC",
              "TITLE": "GE Reason S20 Ethernet Switch"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Reason S20 Ethernet Switch",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "S2020",
                                "version_value": "07A06"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "S2024",
                                "version_value": "07A06"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "General Electric"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow attackers to trick users into following a link or navigating to a page that posts a malicious JavaScript statement to the vulnerable site, causing the malicious JavaScript to be rendered by the site and executed by the victim client."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u0027CROSS-SITE SCRIPTING\u0027) CWE-79"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-266-02",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-266-02"
                }
              ]
            },
            "source": {
              "advisory": "icsa-20-266-02",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2020-16246",
        "datePublished": "2020-10-20T15:00:40.583Z",
        "dateReserved": "2020-07-31T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:47:00.232Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-16242 (GCVE-0-2020-16242)

    Vulnerability from nvd – Published: 2020-09-25 17:37 – Updated: 2024-09-17 00:40
    VLAI
    Title
    GE Reason S20 Ethernet Switch
    Summary
    The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow an attacker to trick application users into performing critical application actions that include, but are not limited to, adding and updating accounts.
    Severity
    No CVSS data available.
    CWE
    • CWE-79 - IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79
    Assigner
    References
    Impacted products
    Vendor Product Version
    General Electric Reason S20 Ethernet Switch Affected: S2020 , ≤ 07A06 (custom)
    Affected: S2024 , ≤ 07A06 (custom)
    Create a notification for this product.
    Date Public
    2020-09-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T13:37:54.177Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-266-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Reason S20 Ethernet Switch",
              "vendor": "General Electric",
              "versions": [
                {
                  "lessThanOrEqual": "07A06",
                  "status": "affected",
                  "version": "S2020",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "07A06",
                  "status": "affected",
                  "version": "S2024",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-09-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow an attacker to trick application users into performing critical application actions that include, but are not limited to, adding and updating accounts."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u0027CROSS-SITE SCRIPTING\u0027) CWE-79",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-10-20T15:01:06.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-266-02"
            }
          ],
          "source": {
            "advisory": "icsa-20-266-02",
            "discovery": "UNKNOWN"
          },
          "title": "GE Reason S20 Ethernet Switch",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2020-09-22T16:00:00.000Z",
              "ID": "CVE-2020-16242",
              "STATE": "PUBLIC",
              "TITLE": "GE Reason S20 Ethernet Switch"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Reason S20 Ethernet Switch",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "S2020",
                                "version_value": "07A06"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "S2024",
                                "version_value": "07A06"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "General Electric"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow an attacker to trick application users into performing critical application actions that include, but are not limited to, adding and updating accounts."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u0027CROSS-SITE SCRIPTING\u0027) CWE-79"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-266-02",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-266-02"
                }
              ]
            },
            "source": {
              "advisory": "icsa-20-266-02",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2020-16242",
        "datePublished": "2020-09-25T17:37:26.885Z",
        "dateReserved": "2020-07-31T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:40:34.187Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-16246 (GCVE-0-2020-16246)

    Vulnerability from cvelistv5 – Published: 2020-10-20 15:00 – Updated: 2024-09-17 00:47
    VLAI
    Title
    GE Reason S20 Ethernet Switch
    Summary
    The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow attackers to trick users into following a link or navigating to a page that posts a malicious JavaScript statement to the vulnerable site, causing the malicious JavaScript to be rendered by the site and executed by the victim client.
    Severity
    No CVSS data available.
    CWE
    • CWE-79 - IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79
    Assigner
    References
    Impacted products
    Vendor Product Version
    General Electric Reason S20 Ethernet Switch Affected: S2020 , ≤ 07A06 (custom)
    Affected: S2024 , ≤ 07A06 (custom)
    Create a notification for this product.
    Date Public
    2020-09-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T13:37:54.185Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-266-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Reason S20 Ethernet Switch",
              "vendor": "General Electric",
              "versions": [
                {
                  "lessThanOrEqual": "07A06",
                  "status": "affected",
                  "version": "S2020",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "07A06",
                  "status": "affected",
                  "version": "S2024",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-09-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow attackers to trick users into following a link or navigating to a page that posts a malicious JavaScript statement to the vulnerable site, causing the malicious JavaScript to be rendered by the site and executed by the victim client."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u0027CROSS-SITE SCRIPTING\u0027) CWE-79",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-10-20T15:00:40.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-266-02"
            }
          ],
          "source": {
            "advisory": "icsa-20-266-02",
            "discovery": "UNKNOWN"
          },
          "title": "GE Reason S20 Ethernet Switch",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2020-09-22T16:00:00.000Z",
              "ID": "CVE-2020-16246",
              "STATE": "PUBLIC",
              "TITLE": "GE Reason S20 Ethernet Switch"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Reason S20 Ethernet Switch",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "S2020",
                                "version_value": "07A06"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "S2024",
                                "version_value": "07A06"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "General Electric"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow attackers to trick users into following a link or navigating to a page that posts a malicious JavaScript statement to the vulnerable site, causing the malicious JavaScript to be rendered by the site and executed by the victim client."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u0027CROSS-SITE SCRIPTING\u0027) CWE-79"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-266-02",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-266-02"
                }
              ]
            },
            "source": {
              "advisory": "icsa-20-266-02",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2020-16246",
        "datePublished": "2020-10-20T15:00:40.583Z",
        "dateReserved": "2020-07-31T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:47:00.232Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-16242 (GCVE-0-2020-16242)

    Vulnerability from cvelistv5 – Published: 2020-09-25 17:37 – Updated: 2024-09-17 00:40
    VLAI
    Title
    GE Reason S20 Ethernet Switch
    Summary
    The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow an attacker to trick application users into performing critical application actions that include, but are not limited to, adding and updating accounts.
    Severity
    No CVSS data available.
    CWE
    • CWE-79 - IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79
    Assigner
    References
    Impacted products
    Vendor Product Version
    General Electric Reason S20 Ethernet Switch Affected: S2020 , ≤ 07A06 (custom)
    Affected: S2024 , ≤ 07A06 (custom)
    Create a notification for this product.
    Date Public
    2020-09-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T13:37:54.177Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-266-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Reason S20 Ethernet Switch",
              "vendor": "General Electric",
              "versions": [
                {
                  "lessThanOrEqual": "07A06",
                  "status": "affected",
                  "version": "S2020",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "07A06",
                  "status": "affected",
                  "version": "S2024",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-09-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow an attacker to trick application users into performing critical application actions that include, but are not limited to, adding and updating accounts."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u0027CROSS-SITE SCRIPTING\u0027) CWE-79",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-10-20T15:01:06.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-266-02"
            }
          ],
          "source": {
            "advisory": "icsa-20-266-02",
            "discovery": "UNKNOWN"
          },
          "title": "GE Reason S20 Ethernet Switch",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2020-09-22T16:00:00.000Z",
              "ID": "CVE-2020-16242",
              "STATE": "PUBLIC",
              "TITLE": "GE Reason S20 Ethernet Switch"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Reason S20 Ethernet Switch",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "S2020",
                                "version_value": "07A06"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "S2024",
                                "version_value": "07A06"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "General Electric"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow an attacker to trick application users into performing critical application actions that include, but are not limited to, adding and updating accounts."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u0027CROSS-SITE SCRIPTING\u0027) CWE-79"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-266-02",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-266-02"
                }
              ]
            },
            "source": {
              "advisory": "icsa-20-266-02",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2020-16242",
        "datePublished": "2020-09-25T17:37:26.885Z",
        "dateReserved": "2020-07-31T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:40:34.187Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }