Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for andover_continuum_5740_firmware by schneider-electric

    CVE-2020-7482 (GCVE-0-2020-7482)

    Vulnerability from nvd – Published: 2020-03-23 19:23 – Updated: 2024-08-04 09:33
    VLAI
    Summary
    A CWE-79:Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists Andover Continuum (All versions), which could cause a Reflective Cross-site Scripting (XSS attack) when using the products' web server.
    Severity
    No CVSS data available.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Andover Continuum (All versions) Affected: Andover Continuum (All versions)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:33:18.775Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.se.com/ww/en/download/document/SEVD-2020-070-04/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Andover Continuum (All versions)",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Andover Continuum (All versions)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A CWE-79:Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability exists Andover Continuum (All versions), which could cause a Reflective Cross-site Scripting (XSS attack) when using the products\u0027 web server."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79:Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-23T19:23:57.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.se.com/ww/en/download/document/SEVD-2020-070-04/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "ID": "CVE-2020-7482",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Andover Continuum (All versions)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Andover Continuum (All versions)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A CWE-79:Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability exists Andover Continuum (All versions), which could cause a Reflective Cross-site Scripting (XSS attack) when using the products\u0027 web server."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79:Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.se.com/ww/en/download/document/SEVD-2020-070-04/",
                  "refsource": "MISC",
                  "url": "https://www.se.com/ww/en/download/document/SEVD-2020-070-04/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2020-7482",
        "datePublished": "2020-03-23T19:23:57.000Z",
        "dateReserved": "2020-01-21T00:00:00.000Z",
        "dateUpdated": "2024-08-04T09:33:18.775Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-7481 (GCVE-0-2020-7481)

    Vulnerability from nvd – Published: 2020-03-23 19:23 – Updated: 2024-08-04 09:33
    VLAI
    Summary
    A CWE-79:Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists Andover Continuum (All versions), which could enable a successful Cross-site Scripting (XSS attack) when using the products' web server.
    Severity
    No CVSS data available.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Andover Continuum (All versions) Affected: Andover Continuum (All versions)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:33:19.682Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.se.com/ww/en/download/document/SEVD-2020-070-04/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Andover Continuum (All versions)",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Andover Continuum (All versions)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A CWE-79:Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability exists Andover Continuum (All versions), which could enable a successful Cross-site Scripting (XSS attack) when using the products\u0027 web server."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79:Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-23T19:23:49.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.se.com/ww/en/download/document/SEVD-2020-070-04/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "ID": "CVE-2020-7481",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Andover Continuum (All versions)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Andover Continuum (All versions)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A CWE-79:Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability exists Andover Continuum (All versions), which could enable a successful Cross-site Scripting (XSS attack) when using the products\u0027 web server."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79:Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.se.com/ww/en/download/document/SEVD-2020-070-04/",
                  "refsource": "MISC",
                  "url": "https://www.se.com/ww/en/download/document/SEVD-2020-070-04/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2020-7481",
        "datePublished": "2020-03-23T19:23:49.000Z",
        "dateReserved": "2020-01-21T00:00:00.000Z",
        "dateUpdated": "2024-08-04T09:33:19.682Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-7480 (GCVE-0-2020-7480)

    Vulnerability from nvd – Published: 2020-03-23 19:24 – Updated: 2024-08-04 09:33
    VLAI
    Summary
    A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists in Andover Continuum (All versions), which could cause files on the application server filesystem to be viewable when an attacker interferes with an application's processing of XML data.
    Severity
    No CVSS data available.
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Andover Continuum (All versions) Affected: Andover Continuum (All versions)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:33:19.649Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.se.com/ww/en/download/document/SEVD-2020-070-04/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Andover Continuum (All versions)",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Andover Continuum (All versions)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability exists in Andover Continuum (All versions), which could cause files on the application server filesystem to be viewable when an attacker interferes with an application\u0027s processing of XML data."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-23T19:24:37.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.se.com/ww/en/download/document/SEVD-2020-070-04/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "ID": "CVE-2020-7480",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Andover Continuum (All versions)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Andover Continuum (All versions)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability exists in Andover Continuum (All versions), which could cause files on the application server filesystem to be viewable when an attacker interferes with an application\u0027s processing of XML data."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.se.com/ww/en/download/document/SEVD-2020-070-04/",
                  "refsource": "MISC",
                  "url": "https://www.se.com/ww/en/download/document/SEVD-2020-070-04/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2020-7480",
        "datePublished": "2020-03-23T19:24:37.000Z",
        "dateReserved": "2020-01-21T00:00:00.000Z",
        "dateUpdated": "2024-08-04T09:33:19.649Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-6853 (GCVE-0-2019-6853)

    Vulnerability from nvd – Published: 2019-11-20 22:01 – Updated: 2024-08-04 20:31
    VLAI
    Summary
    A CWE-79: Failure to Preserve Web Page Structure vulnerability exists in Andover Continuum (models 9680, 5740 and 5720, bCX4040, bCX9640, 9900, 9940, 9924 and 9702) , which could enable a successful Cross-site Scripting (XSS attack) when using the products web server.
    Severity
    No CVSS data available.
    CWE
    • CWE-79 - Failure to Preserve Web Page Structure
    Assigner
    References
    Impacted products
    Vendor Product Version
    Schneider Electric Andover Continuum models 9680, 5740 and 5720, bCX4040, bCX9640, 9900, 9940, 9924 and 9702 Affected: Andover Continuum models 9680
    Affected: 5740 and 5720
    Affected: bCX4040
    Affected: bCX9640
    Affected: 9900
    Affected: 9940
    Affected: 9924 and 9702
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:31:04.456Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.se.com/ww/en/download/document/SEVD-2019-316-01/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Andover Continuum models 9680, 5740 and 5720, bCX4040, bCX9640, 9900, 9940, 9924 and 9702",
              "vendor": "Schneider Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "Andover Continuum models 9680"
                },
                {
                  "status": "affected",
                  "version": "5740 and 5720"
                },
                {
                  "status": "affected",
                  "version": "bCX4040"
                },
                {
                  "status": "affected",
                  "version": "bCX9640"
                },
                {
                  "status": "affected",
                  "version": "9900"
                },
                {
                  "status": "affected",
                  "version": "9940"
                },
                {
                  "status": "affected",
                  "version": "9924 and 9702"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A CWE-79: Failure to Preserve Web Page Structure vulnerability exists in Andover Continuum (models 9680, 5740 and 5720, bCX4040, bCX9640, 9900, 9940, 9924 and 9702) , which could enable a successful Cross-site Scripting (XSS attack) when using the products web server."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Failure to Preserve Web Page Structure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-20T22:01:18.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.se.com/ww/en/download/document/SEVD-2019-316-01/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "ID": "CVE-2019-6853",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Andover Continuum models 9680, 5740 and 5720, bCX4040, bCX9640, 9900, 9940, 9924 and 9702",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Andover Continuum models 9680"
                              },
                              {
                                "version_value": "5740 and 5720"
                              },
                              {
                                "version_value": "bCX4040"
                              },
                              {
                                "version_value": "bCX9640"
                              },
                              {
                                "version_value": "9900"
                              },
                              {
                                "version_value": "9940"
                              },
                              {
                                "version_value": "9924 and 9702"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Schneider Electric"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A CWE-79: Failure to Preserve Web Page Structure vulnerability exists in Andover Continuum (models 9680, 5740 and 5720, bCX4040, bCX9640, 9900, 9940, 9924 and 9702) , which could enable a successful Cross-site Scripting (XSS attack) when using the products web server."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79: Failure to Preserve Web Page Structure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.se.com/ww/en/download/document/SEVD-2019-316-01/",
                  "refsource": "CONFIRM",
                  "url": "https://www.se.com/ww/en/download/document/SEVD-2019-316-01/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2019-6853",
        "datePublished": "2019-11-20T22:01:18.000Z",
        "dateReserved": "2019-01-25T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:31:04.456Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-7480 (GCVE-0-2020-7480)

    Vulnerability from cvelistv5 – Published: 2020-03-23 19:24 – Updated: 2024-08-04 09:33
    VLAI
    Summary
    A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists in Andover Continuum (All versions), which could cause files on the application server filesystem to be viewable when an attacker interferes with an application's processing of XML data.
    Severity
    No CVSS data available.
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Andover Continuum (All versions) Affected: Andover Continuum (All versions)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:33:19.649Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.se.com/ww/en/download/document/SEVD-2020-070-04/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Andover Continuum (All versions)",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Andover Continuum (All versions)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability exists in Andover Continuum (All versions), which could cause files on the application server filesystem to be viewable when an attacker interferes with an application\u0027s processing of XML data."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-23T19:24:37.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.se.com/ww/en/download/document/SEVD-2020-070-04/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "ID": "CVE-2020-7480",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Andover Continuum (All versions)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Andover Continuum (All versions)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability exists in Andover Continuum (All versions), which could cause files on the application server filesystem to be viewable when an attacker interferes with an application\u0027s processing of XML data."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.se.com/ww/en/download/document/SEVD-2020-070-04/",
                  "refsource": "MISC",
                  "url": "https://www.se.com/ww/en/download/document/SEVD-2020-070-04/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2020-7480",
        "datePublished": "2020-03-23T19:24:37.000Z",
        "dateReserved": "2020-01-21T00:00:00.000Z",
        "dateUpdated": "2024-08-04T09:33:19.649Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-7482 (GCVE-0-2020-7482)

    Vulnerability from cvelistv5 – Published: 2020-03-23 19:23 – Updated: 2024-08-04 09:33
    VLAI
    Summary
    A CWE-79:Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists Andover Continuum (All versions), which could cause a Reflective Cross-site Scripting (XSS attack) when using the products' web server.
    Severity
    No CVSS data available.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Andover Continuum (All versions) Affected: Andover Continuum (All versions)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:33:18.775Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.se.com/ww/en/download/document/SEVD-2020-070-04/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Andover Continuum (All versions)",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Andover Continuum (All versions)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A CWE-79:Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability exists Andover Continuum (All versions), which could cause a Reflective Cross-site Scripting (XSS attack) when using the products\u0027 web server."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79:Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-23T19:23:57.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.se.com/ww/en/download/document/SEVD-2020-070-04/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "ID": "CVE-2020-7482",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Andover Continuum (All versions)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Andover Continuum (All versions)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A CWE-79:Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability exists Andover Continuum (All versions), which could cause a Reflective Cross-site Scripting (XSS attack) when using the products\u0027 web server."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79:Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.se.com/ww/en/download/document/SEVD-2020-070-04/",
                  "refsource": "MISC",
                  "url": "https://www.se.com/ww/en/download/document/SEVD-2020-070-04/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2020-7482",
        "datePublished": "2020-03-23T19:23:57.000Z",
        "dateReserved": "2020-01-21T00:00:00.000Z",
        "dateUpdated": "2024-08-04T09:33:18.775Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-7481 (GCVE-0-2020-7481)

    Vulnerability from cvelistv5 – Published: 2020-03-23 19:23 – Updated: 2024-08-04 09:33
    VLAI
    Summary
    A CWE-79:Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists Andover Continuum (All versions), which could enable a successful Cross-site Scripting (XSS attack) when using the products' web server.
    Severity
    No CVSS data available.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Andover Continuum (All versions) Affected: Andover Continuum (All versions)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:33:19.682Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.se.com/ww/en/download/document/SEVD-2020-070-04/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Andover Continuum (All versions)",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Andover Continuum (All versions)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A CWE-79:Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability exists Andover Continuum (All versions), which could enable a successful Cross-site Scripting (XSS attack) when using the products\u0027 web server."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79:Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-23T19:23:49.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.se.com/ww/en/download/document/SEVD-2020-070-04/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "ID": "CVE-2020-7481",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Andover Continuum (All versions)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Andover Continuum (All versions)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A CWE-79:Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability exists Andover Continuum (All versions), which could enable a successful Cross-site Scripting (XSS attack) when using the products\u0027 web server."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79:Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.se.com/ww/en/download/document/SEVD-2020-070-04/",
                  "refsource": "MISC",
                  "url": "https://www.se.com/ww/en/download/document/SEVD-2020-070-04/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2020-7481",
        "datePublished": "2020-03-23T19:23:49.000Z",
        "dateReserved": "2020-01-21T00:00:00.000Z",
        "dateUpdated": "2024-08-04T09:33:19.682Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-6853 (GCVE-0-2019-6853)

    Vulnerability from cvelistv5 – Published: 2019-11-20 22:01 – Updated: 2024-08-04 20:31
    VLAI
    Summary
    A CWE-79: Failure to Preserve Web Page Structure vulnerability exists in Andover Continuum (models 9680, 5740 and 5720, bCX4040, bCX9640, 9900, 9940, 9924 and 9702) , which could enable a successful Cross-site Scripting (XSS attack) when using the products web server.
    Severity
    No CVSS data available.
    CWE
    • CWE-79 - Failure to Preserve Web Page Structure
    Assigner
    References
    Impacted products
    Vendor Product Version
    Schneider Electric Andover Continuum models 9680, 5740 and 5720, bCX4040, bCX9640, 9900, 9940, 9924 and 9702 Affected: Andover Continuum models 9680
    Affected: 5740 and 5720
    Affected: bCX4040
    Affected: bCX9640
    Affected: 9900
    Affected: 9940
    Affected: 9924 and 9702
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:31:04.456Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.se.com/ww/en/download/document/SEVD-2019-316-01/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Andover Continuum models 9680, 5740 and 5720, bCX4040, bCX9640, 9900, 9940, 9924 and 9702",
              "vendor": "Schneider Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "Andover Continuum models 9680"
                },
                {
                  "status": "affected",
                  "version": "5740 and 5720"
                },
                {
                  "status": "affected",
                  "version": "bCX4040"
                },
                {
                  "status": "affected",
                  "version": "bCX9640"
                },
                {
                  "status": "affected",
                  "version": "9900"
                },
                {
                  "status": "affected",
                  "version": "9940"
                },
                {
                  "status": "affected",
                  "version": "9924 and 9702"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A CWE-79: Failure to Preserve Web Page Structure vulnerability exists in Andover Continuum (models 9680, 5740 and 5720, bCX4040, bCX9640, 9900, 9940, 9924 and 9702) , which could enable a successful Cross-site Scripting (XSS attack) when using the products web server."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Failure to Preserve Web Page Structure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-20T22:01:18.000Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.se.com/ww/en/download/document/SEVD-2019-316-01/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@schneider-electric.com",
              "ID": "CVE-2019-6853",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Andover Continuum models 9680, 5740 and 5720, bCX4040, bCX9640, 9900, 9940, 9924 and 9702",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Andover Continuum models 9680"
                              },
                              {
                                "version_value": "5740 and 5720"
                              },
                              {
                                "version_value": "bCX4040"
                              },
                              {
                                "version_value": "bCX9640"
                              },
                              {
                                "version_value": "9900"
                              },
                              {
                                "version_value": "9940"
                              },
                              {
                                "version_value": "9924 and 9702"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Schneider Electric"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A CWE-79: Failure to Preserve Web Page Structure vulnerability exists in Andover Continuum (models 9680, 5740 and 5720, bCX4040, bCX9640, 9900, 9940, 9924 and 9702) , which could enable a successful Cross-site Scripting (XSS attack) when using the products web server."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79: Failure to Preserve Web Page Structure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.se.com/ww/en/download/document/SEVD-2019-316-01/",
                  "refsource": "CONFIRM",
                  "url": "https://www.se.com/ww/en/download/document/SEVD-2019-316-01/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2019-6853",
        "datePublished": "2019-11-20T22:01:18.000Z",
        "dateReserved": "2019-01-25T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:31:04.456Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }