Search
Find a vulnerability
Search criteria
6 vulnerabilities found for s2020_firmware by ge
CVE-2020-16246 (GCVE-0-2020-16246)
Vulnerability from nvd – Published: 2020-10-20 15:00 – Updated: 2024-09-17 00:47
VLAI
Title
GE Reason S20 Ethernet Switch
Summary
The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow attackers to trick users into following a link or navigating to a page that posts a malicious JavaScript statement to the vulnerable site, causing the malicious JavaScript to be rendered by the site and executed by the victim client.
Severity
No CVSS data available.
CWE
- CWE-79 - IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsa-20-266-02 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| General Electric | Reason S20 Ethernet Switch |
Affected:
S2020 , ≤ 07A06
(custom)
Affected: S2024 , ≤ 07A06 (custom) |
Date Public
2020-09-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:37:54.185Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-266-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Reason S20 Ethernet Switch",
"vendor": "General Electric",
"versions": [
{
"lessThanOrEqual": "07A06",
"status": "affected",
"version": "S2020",
"versionType": "custom"
},
{
"lessThanOrEqual": "07A06",
"status": "affected",
"version": "S2024",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-09-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow attackers to trick users into following a link or navigating to a page that posts a malicious JavaScript statement to the vulnerable site, causing the malicious JavaScript to be rendered by the site and executed by the victim client."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u0027CROSS-SITE SCRIPTING\u0027) CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-20T15:00:40.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-266-02"
}
],
"source": {
"advisory": "icsa-20-266-02",
"discovery": "UNKNOWN"
},
"title": "GE Reason S20 Ethernet Switch",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2020-09-22T16:00:00.000Z",
"ID": "CVE-2020-16246",
"STATE": "PUBLIC",
"TITLE": "GE Reason S20 Ethernet Switch"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Reason S20 Ethernet Switch",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "S2020",
"version_value": "07A06"
},
{
"version_affected": "\u003c=",
"version_name": "S2024",
"version_value": "07A06"
}
]
}
}
]
},
"vendor_name": "General Electric"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow attackers to trick users into following a link or navigating to a page that posts a malicious JavaScript statement to the vulnerable site, causing the malicious JavaScript to be rendered by the site and executed by the victim client."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u0027CROSS-SITE SCRIPTING\u0027) CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-266-02",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-266-02"
}
]
},
"source": {
"advisory": "icsa-20-266-02",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-16246",
"datePublished": "2020-10-20T15:00:40.583Z",
"dateReserved": "2020-07-31T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:47:00.232Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-16242 (GCVE-0-2020-16242)
Vulnerability from nvd – Published: 2020-09-25 17:37 – Updated: 2024-09-17 00:40
VLAI
Title
GE Reason S20 Ethernet Switch
Summary
The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow an attacker to trick application users into performing critical application actions that include, but are not limited to, adding and updating accounts.
Severity
No CVSS data available.
CWE
- CWE-79 - IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsa-20-266-02 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| General Electric | Reason S20 Ethernet Switch |
Affected:
S2020 , ≤ 07A06
(custom)
Affected: S2024 , ≤ 07A06 (custom) |
Date Public
2020-09-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:37:54.177Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-266-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Reason S20 Ethernet Switch",
"vendor": "General Electric",
"versions": [
{
"lessThanOrEqual": "07A06",
"status": "affected",
"version": "S2020",
"versionType": "custom"
},
{
"lessThanOrEqual": "07A06",
"status": "affected",
"version": "S2024",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-09-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow an attacker to trick application users into performing critical application actions that include, but are not limited to, adding and updating accounts."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u0027CROSS-SITE SCRIPTING\u0027) CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-20T15:01:06.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-266-02"
}
],
"source": {
"advisory": "icsa-20-266-02",
"discovery": "UNKNOWN"
},
"title": "GE Reason S20 Ethernet Switch",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2020-09-22T16:00:00.000Z",
"ID": "CVE-2020-16242",
"STATE": "PUBLIC",
"TITLE": "GE Reason S20 Ethernet Switch"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Reason S20 Ethernet Switch",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "S2020",
"version_value": "07A06"
},
{
"version_affected": "\u003c=",
"version_name": "S2024",
"version_value": "07A06"
}
]
}
}
]
},
"vendor_name": "General Electric"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow an attacker to trick application users into performing critical application actions that include, but are not limited to, adding and updating accounts."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u0027CROSS-SITE SCRIPTING\u0027) CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-266-02",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-266-02"
}
]
},
"source": {
"advisory": "icsa-20-266-02",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-16242",
"datePublished": "2020-09-25T17:37:26.885Z",
"dateReserved": "2020-07-31T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:40:34.187Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18267 (GCVE-0-2019-18267)
Vulnerability from nvd – Published: 2019-12-18 19:37 – Updated: 2024-08-05 01:47
VLAI
Summary
An issue was found in GE S2020/S2020G Fast Switch 61850, S2020/S2020G Fast Switch 61850 Versions 07A03 and prior. An attacker can inject arbitrary Javascript in a specially crafted HTTP request that may be reflected back in the HTTP response. The device is also vulnerable to a stored cross-site scripting vulnerability that may allow session hijacking, disclosure of sensitive data, cross-site request forgery (CSRF) attacks, and remote code execution.
Severity
No CVSS data available.
CWE
- CWE-79 - IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.us-cert.gov/ics/advisories/icsa-19-351-01 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | GE S2020/S2020G Fast Switch 61850 |
Affected:
S2020/S2020G Fast Switch 61850 Versions 07A03 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:47:14.086Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-351-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GE S2020/S2020G Fast Switch 61850",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "S2020/S2020G Fast Switch 61850 Versions 07A03 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was found in GE S2020/S2020G Fast Switch 61850, S2020/S2020G Fast Switch 61850 Versions 07A03 and prior. An attacker can inject arbitrary Javascript in a specially crafted HTTP request that may be reflected back in the HTTP response. The device is also vulnerable to a stored cross-site scripting vulnerability that may allow session hijacking, disclosure of sensitive data, cross-site request forgery (CSRF) attacks, and remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u0027CROSS-SITE SCRIPTING\u0027) CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-18T19:37:46.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-351-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2019-18267",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GE S2020/S2020G Fast Switch 61850",
"version": {
"version_data": [
{
"version_value": "S2020/S2020G Fast Switch 61850 Versions 07A03 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was found in GE S2020/S2020G Fast Switch 61850, S2020/S2020G Fast Switch 61850 Versions 07A03 and prior. An attacker can inject arbitrary Javascript in a specially crafted HTTP request that may be reflected back in the HTTP response. The device is also vulnerable to a stored cross-site scripting vulnerability that may allow session hijacking, disclosure of sensitive data, cross-site request forgery (CSRF) attacks, and remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u0027CROSS-SITE SCRIPTING\u0027) CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-351-01",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-351-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2019-18267",
"datePublished": "2019-12-18T19:37:46.000Z",
"dateReserved": "2019-10-22T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:47:14.086Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-16246 (GCVE-0-2020-16246)
Vulnerability from cvelistv5 – Published: 2020-10-20 15:00 – Updated: 2024-09-17 00:47
VLAI
Title
GE Reason S20 Ethernet Switch
Summary
The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow attackers to trick users into following a link or navigating to a page that posts a malicious JavaScript statement to the vulnerable site, causing the malicious JavaScript to be rendered by the site and executed by the victim client.
Severity
No CVSS data available.
CWE
- CWE-79 - IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsa-20-266-02 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| General Electric | Reason S20 Ethernet Switch |
Affected:
S2020 , ≤ 07A06
(custom)
Affected: S2024 , ≤ 07A06 (custom) |
Date Public
2020-09-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:37:54.185Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-266-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Reason S20 Ethernet Switch",
"vendor": "General Electric",
"versions": [
{
"lessThanOrEqual": "07A06",
"status": "affected",
"version": "S2020",
"versionType": "custom"
},
{
"lessThanOrEqual": "07A06",
"status": "affected",
"version": "S2024",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-09-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow attackers to trick users into following a link or navigating to a page that posts a malicious JavaScript statement to the vulnerable site, causing the malicious JavaScript to be rendered by the site and executed by the victim client."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u0027CROSS-SITE SCRIPTING\u0027) CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-20T15:00:40.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-266-02"
}
],
"source": {
"advisory": "icsa-20-266-02",
"discovery": "UNKNOWN"
},
"title": "GE Reason S20 Ethernet Switch",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2020-09-22T16:00:00.000Z",
"ID": "CVE-2020-16246",
"STATE": "PUBLIC",
"TITLE": "GE Reason S20 Ethernet Switch"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Reason S20 Ethernet Switch",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "S2020",
"version_value": "07A06"
},
{
"version_affected": "\u003c=",
"version_name": "S2024",
"version_value": "07A06"
}
]
}
}
]
},
"vendor_name": "General Electric"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow attackers to trick users into following a link or navigating to a page that posts a malicious JavaScript statement to the vulnerable site, causing the malicious JavaScript to be rendered by the site and executed by the victim client."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u0027CROSS-SITE SCRIPTING\u0027) CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-266-02",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-266-02"
}
]
},
"source": {
"advisory": "icsa-20-266-02",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-16246",
"datePublished": "2020-10-20T15:00:40.583Z",
"dateReserved": "2020-07-31T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:47:00.232Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-16242 (GCVE-0-2020-16242)
Vulnerability from cvelistv5 – Published: 2020-09-25 17:37 – Updated: 2024-09-17 00:40
VLAI
Title
GE Reason S20 Ethernet Switch
Summary
The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow an attacker to trick application users into performing critical application actions that include, but are not limited to, adding and updating accounts.
Severity
No CVSS data available.
CWE
- CWE-79 - IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsa-20-266-02 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| General Electric | Reason S20 Ethernet Switch |
Affected:
S2020 , ≤ 07A06
(custom)
Affected: S2024 , ≤ 07A06 (custom) |
Date Public
2020-09-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:37:54.177Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-266-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Reason S20 Ethernet Switch",
"vendor": "General Electric",
"versions": [
{
"lessThanOrEqual": "07A06",
"status": "affected",
"version": "S2020",
"versionType": "custom"
},
{
"lessThanOrEqual": "07A06",
"status": "affected",
"version": "S2024",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-09-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow an attacker to trick application users into performing critical application actions that include, but are not limited to, adding and updating accounts."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u0027CROSS-SITE SCRIPTING\u0027) CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-20T15:01:06.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-266-02"
}
],
"source": {
"advisory": "icsa-20-266-02",
"discovery": "UNKNOWN"
},
"title": "GE Reason S20 Ethernet Switch",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2020-09-22T16:00:00.000Z",
"ID": "CVE-2020-16242",
"STATE": "PUBLIC",
"TITLE": "GE Reason S20 Ethernet Switch"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Reason S20 Ethernet Switch",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "S2020",
"version_value": "07A06"
},
{
"version_affected": "\u003c=",
"version_name": "S2024",
"version_value": "07A06"
}
]
}
}
]
},
"vendor_name": "General Electric"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow an attacker to trick application users into performing critical application actions that include, but are not limited to, adding and updating accounts."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u0027CROSS-SITE SCRIPTING\u0027) CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-266-02",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-266-02"
}
]
},
"source": {
"advisory": "icsa-20-266-02",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-16242",
"datePublished": "2020-09-25T17:37:26.885Z",
"dateReserved": "2020-07-31T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:40:34.187Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18267 (GCVE-0-2019-18267)
Vulnerability from cvelistv5 – Published: 2019-12-18 19:37 – Updated: 2024-08-05 01:47
VLAI
Summary
An issue was found in GE S2020/S2020G Fast Switch 61850, S2020/S2020G Fast Switch 61850 Versions 07A03 and prior. An attacker can inject arbitrary Javascript in a specially crafted HTTP request that may be reflected back in the HTTP response. The device is also vulnerable to a stored cross-site scripting vulnerability that may allow session hijacking, disclosure of sensitive data, cross-site request forgery (CSRF) attacks, and remote code execution.
Severity
No CVSS data available.
CWE
- CWE-79 - IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.us-cert.gov/ics/advisories/icsa-19-351-01 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | GE S2020/S2020G Fast Switch 61850 |
Affected:
S2020/S2020G Fast Switch 61850 Versions 07A03 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:47:14.086Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-351-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GE S2020/S2020G Fast Switch 61850",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "S2020/S2020G Fast Switch 61850 Versions 07A03 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was found in GE S2020/S2020G Fast Switch 61850, S2020/S2020G Fast Switch 61850 Versions 07A03 and prior. An attacker can inject arbitrary Javascript in a specially crafted HTTP request that may be reflected back in the HTTP response. The device is also vulnerable to a stored cross-site scripting vulnerability that may allow session hijacking, disclosure of sensitive data, cross-site request forgery (CSRF) attacks, and remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u0027CROSS-SITE SCRIPTING\u0027) CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-18T19:37:46.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-351-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2019-18267",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GE S2020/S2020G Fast Switch 61850",
"version": {
"version_data": [
{
"version_value": "S2020/S2020G Fast Switch 61850 Versions 07A03 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was found in GE S2020/S2020G Fast Switch 61850, S2020/S2020G Fast Switch 61850 Versions 07A03 and prior. An attacker can inject arbitrary Javascript in a specially crafted HTTP request that may be reflected back in the HTTP response. The device is also vulnerable to a stored cross-site scripting vulnerability that may allow session hijacking, disclosure of sensitive data, cross-site request forgery (CSRF) attacks, and remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u0027CROSS-SITE SCRIPTING\u0027) CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-351-01",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-351-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2019-18267",
"datePublished": "2019-12-18T19:37:46.000Z",
"dateReserved": "2019-10-22T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:47:14.086Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}