
    6 vulnerabilities found for s2020_firmware by ge

    CVE-2020-16246 (GCVE-0-2020-16246)

    Vulnerability from nvd – Published: 2020-10-20 15:00 – Updated: 2024-09-17 00:47
    VLAI
    Title
    GE Reason S20 Ethernet Switch
    Summary
    The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow attackers to trick users into following a link or navigating to a page that posts a malicious JavaScript statement to the vulnerable site, causing the malicious JavaScript to be rendered by the site and executed by the victim client.
    Severity
    No CVSS data available.
    CWE
    • CWE-79 - IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79
    Assigner
    References
    Impacted products
    Vendor Product Version
    General Electric Reason S20 Ethernet Switch Affected: S2020 , ≤ 07A06 (custom)
    Affected: S2024 , ≤ 07A06 (custom)
    Date Public
    2020-09-22 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T13:37:54.185Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-266-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Reason S20 Ethernet Switch",
              "vendor": "General Electric",
              "versions": [
                {
                  "lessThanOrEqual": "07A06",
                  "status": "affected",
                  "version": "S2020",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "07A06",
                  "status": "affected",
                  "version": "S2024",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-09-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow attackers to trick users into following a link or navigating to a page that posts a malicious JavaScript statement to the vulnerable site, causing the malicious JavaScript to be rendered by the site and executed by the victim client."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u0027CROSS-SITE SCRIPTING\u0027) CWE-79",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-10-20T15:00:40.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-266-02"
            }
          ],
          "source": {
            "advisory": "icsa-20-266-02",
            "discovery": "UNKNOWN"
          },
          "title": "GE Reason S20 Ethernet Switch",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2020-09-22T16:00:00.000Z",
              "ID": "CVE-2020-16246",
              "STATE": "PUBLIC",
              "TITLE": "GE Reason S20 Ethernet Switch"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Reason S20 Ethernet Switch",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "S2020",
                                "version_value": "07A06"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "S2024",
                                "version_value": "07A06"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "General Electric"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow attackers to trick users into following a link or navigating to a page that posts a malicious JavaScript statement to the vulnerable site, causing the malicious JavaScript to be rendered by the site and executed by the victim client."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u0027CROSS-SITE SCRIPTING\u0027) CWE-79"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-266-02",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-266-02"
                }
              ]
            },
            "source": {
              "advisory": "icsa-20-266-02",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2020-16246",
        "datePublished": "2020-10-20T15:00:40.583Z",
        "dateReserved": "2020-07-31T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:47:00.232Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-16242 (GCVE-0-2020-16242)

    Vulnerability from nvd – Published: 2020-09-25 17:37 – Updated: 2024-09-17 00:40
    VLAI
    Title
    GE Reason S20 Ethernet Switch
    Summary
    The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow an attacker to trick application users into performing critical application actions that include, but are not limited to, adding and updating accounts.
    Severity
    No CVSS data available.
    CWE
    • CWE-79 - IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79
    Assigner
    References
    Impacted products
    Vendor Product Version
    General Electric Reason S20 Ethernet Switch Affected: S2020 , ≤ 07A06 (custom)
    Affected: S2024 , ≤ 07A06 (custom)
    Date Public
    2020-09-22 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T13:37:54.177Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-266-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Reason S20 Ethernet Switch",
              "vendor": "General Electric",
              "versions": [
                {
                  "lessThanOrEqual": "07A06",
                  "status": "affected",
                  "version": "S2020",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "07A06",
                  "status": "affected",
                  "version": "S2024",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-09-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow an attacker to trick application users into performing critical application actions that include, but are not limited to, adding and updating accounts."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u0027CROSS-SITE SCRIPTING\u0027) CWE-79",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-10-20T15:01:06.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-266-02"
            }
          ],
          "source": {
            "advisory": "icsa-20-266-02",
            "discovery": "UNKNOWN"
          },
          "title": "GE Reason S20 Ethernet Switch",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2020-09-22T16:00:00.000Z",
              "ID": "CVE-2020-16242",
              "STATE": "PUBLIC",
              "TITLE": "GE Reason S20 Ethernet Switch"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Reason S20 Ethernet Switch",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "S2020",
                                "version_value": "07A06"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "S2024",
                                "version_value": "07A06"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "General Electric"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow an attacker to trick application users into performing critical application actions that include, but are not limited to, adding and updating accounts."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u0027CROSS-SITE SCRIPTING\u0027) CWE-79"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-266-02",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-266-02"
                }
              ]
            },
            "source": {
              "advisory": "icsa-20-266-02",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2020-16242",
        "datePublished": "2020-09-25T17:37:26.885Z",
        "dateReserved": "2020-07-31T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:40:34.187Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-18267 (GCVE-0-2019-18267)

    Vulnerability from nvd – Published: 2019-12-18 19:37 – Updated: 2024-08-05 01:47
    VLAI
    Summary
    An issue was found in GE S2020/S2020G Fast Switch 61850, Versions 07A03 and prior. An attacker can inject arbitrary JavaScript through a specially crafted HTTP request, and the injected script may be reflected back in the HTTP response (reflected cross-site scripting). The device is also vulnerable to stored cross-site scripting, which may allow session hijacking, disclosure of sensitive data, cross-site request forgery (CSRF) attacks, and remote code execution.
    Severity
    No CVSS data available.
    CWE
    • CWE-79 - IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a GE S2020/S2020G Fast Switch 61850 Affected: S2020/S2020G Fast Switch 61850 Versions 07A03 and prior

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T01:47:14.086Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.us-cert.gov/ics/advisories/icsa-19-351-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GE S2020/S2020G Fast Switch 61850",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "S2020/S2020G Fast Switch 61850 Versions 07A03 and prior"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was found in GE S2020/S2020G Fast Switch 61850, S2020/S2020G Fast Switch 61850 Versions 07A03 and prior. An attacker can inject arbitrary Javascript in a specially crafted HTTP request that may be reflected back in the HTTP response. The device is also vulnerable to a stored cross-site scripting vulnerability that may allow session hijacking, disclosure of sensitive data, cross-site request forgery (CSRF) attacks, and remote code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u0027CROSS-SITE SCRIPTING\u0027) CWE-79",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-12-18T19:37:46.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.us-cert.gov/ics/advisories/icsa-19-351-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2019-18267",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GE S2020/S2020G Fast Switch 61850",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "S2020/S2020G Fast Switch 61850 Versions 07A03 and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was found in GE S2020/S2020G Fast Switch 61850, S2020/S2020G Fast Switch 61850 Versions 07A03 and prior. An attacker can inject arbitrary Javascript in a specially crafted HTTP request that may be reflected back in the HTTP response. The device is also vulnerable to a stored cross-site scripting vulnerability that may allow session hijacking, disclosure of sensitive data, cross-site request forgery (CSRF) attacks, and remote code execution."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u0027CROSS-SITE SCRIPTING\u0027) CWE-79"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.us-cert.gov/ics/advisories/icsa-19-351-01",
                  "refsource": "MISC",
                  "url": "https://www.us-cert.gov/ics/advisories/icsa-19-351-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2019-18267",
        "datePublished": "2019-12-18T19:37:46.000Z",
        "dateReserved": "2019-10-22T00:00:00.000Z",
        "dateUpdated": "2024-08-05T01:47:14.086Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-16246 (GCVE-0-2020-16246)

    Vulnerability from cvelistv5 – Published: 2020-10-20 15:00 – Updated: 2024-09-17 00:47
    VLAI
    Title
    GE Reason S20 Ethernet Switch
    Summary
    The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow attackers to trick users into following a link or navigating to a page that posts a malicious JavaScript statement to the vulnerable site, causing the malicious JavaScript to be rendered by the site and executed by the victim client.
    Severity
    No CVSS data available.
    CWE
    • CWE-79 - IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79
    Assigner
    References
    Impacted products
    Vendor Product Version
    General Electric Reason S20 Ethernet Switch Affected: S2020 , ≤ 07A06 (custom)
    Affected: S2024 , ≤ 07A06 (custom)
    Date Public
    2020-09-22 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T13:37:54.185Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-266-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Reason S20 Ethernet Switch",
              "vendor": "General Electric",
              "versions": [
                {
                  "lessThanOrEqual": "07A06",
                  "status": "affected",
                  "version": "S2020",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "07A06",
                  "status": "affected",
                  "version": "S2024",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-09-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow attackers to trick users into following a link or navigating to a page that posts a malicious JavaScript statement to the vulnerable site, causing the malicious JavaScript to be rendered by the site and executed by the victim client."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u0027CROSS-SITE SCRIPTING\u0027) CWE-79",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-10-20T15:00:40.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-266-02"
            }
          ],
          "source": {
            "advisory": "icsa-20-266-02",
            "discovery": "UNKNOWN"
          },
          "title": "GE Reason S20 Ethernet Switch",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2020-09-22T16:00:00.000Z",
              "ID": "CVE-2020-16246",
              "STATE": "PUBLIC",
              "TITLE": "GE Reason S20 Ethernet Switch"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Reason S20 Ethernet Switch",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "S2020",
                                "version_value": "07A06"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "S2024",
                                "version_value": "07A06"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "General Electric"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow attackers to trick users into following a link or navigating to a page that posts a malicious JavaScript statement to the vulnerable site, causing the malicious JavaScript to be rendered by the site and executed by the victim client."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u0027CROSS-SITE SCRIPTING\u0027) CWE-79"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-266-02",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-266-02"
                }
              ]
            },
            "source": {
              "advisory": "icsa-20-266-02",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2020-16246",
        "datePublished": "2020-10-20T15:00:40.583Z",
        "dateReserved": "2020-07-31T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:47:00.232Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-16242 (GCVE-0-2020-16242)

    Vulnerability from cvelistv5 – Published: 2020-09-25 17:37 – Updated: 2024-09-17 00:40
    VLAI
    Title
    GE Reason S20 Ethernet Switch
    Summary
    The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow an attacker to trick application users into performing critical application actions that include, but are not limited to, adding and updating accounts.
    Severity
    No CVSS data available.
    CWE
    • CWE-79 - IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79
    Assigner
    References
    Impacted products
    Vendor Product Version
    General Electric Reason S20 Ethernet Switch Affected: S2020 , ≤ 07A06 (custom)
    Affected: S2024 , ≤ 07A06 (custom)
    Date Public
    2020-09-22 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T13:37:54.177Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-266-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Reason S20 Ethernet Switch",
              "vendor": "General Electric",
              "versions": [
                {
                  "lessThanOrEqual": "07A06",
                  "status": "affected",
                  "version": "S2020",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "07A06",
                  "status": "affected",
                  "version": "S2024",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-09-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow an attacker to trick application users into performing critical application actions that include, but are not limited to, adding and updating accounts."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u0027CROSS-SITE SCRIPTING\u0027) CWE-79",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-10-20T15:01:06.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-266-02"
            }
          ],
          "source": {
            "advisory": "icsa-20-266-02",
            "discovery": "UNKNOWN"
          },
          "title": "GE Reason S20 Ethernet Switch",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2020-09-22T16:00:00.000Z",
              "ID": "CVE-2020-16242",
              "STATE": "PUBLIC",
              "TITLE": "GE Reason S20 Ethernet Switch"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Reason S20 Ethernet Switch",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "S2020",
                                "version_value": "07A06"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "S2024",
                                "version_value": "07A06"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "General Electric"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow an attacker to trick application users into performing critical application actions that include, but are not limited to, adding and updating accounts."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u0027CROSS-SITE SCRIPTING\u0027) CWE-79"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-266-02",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-266-02"
                }
              ]
            },
            "source": {
              "advisory": "icsa-20-266-02",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2020-16242",
        "datePublished": "2020-09-25T17:37:26.885Z",
        "dateReserved": "2020-07-31T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:40:34.187Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-18267 (GCVE-0-2019-18267)

    Vulnerability from cvelistv5 – Published: 2019-12-18 19:37 – Updated: 2024-08-05 01:47
    Summary
    An issue was found in GE S2020/S2020G Fast Switch 61850 Versions 07A03 and prior. An attacker can inject arbitrary JavaScript in a specially crafted HTTP request that may be reflected back in the HTTP response (reflected cross-site scripting). The device is also vulnerable to a stored cross-site scripting vulnerability that may allow session hijacking, disclosure of sensitive data, cross-site request forgery (CSRF) attacks, and remote code execution.
    Severity
    No CVSS data available.
    CWE
    • CWE-79 - IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a GE S2020/S2020G Fast Switch 61850 Affected: S2020/S2020G Fast Switch 61850 Versions 07A03 and prior

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T01:47:14.086Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.us-cert.gov/ics/advisories/icsa-19-351-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GE S2020/S2020G Fast Switch 61850",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "S2020/S2020G Fast Switch 61850 Versions 07A03 and prior"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was found in GE S2020/S2020G Fast Switch 61850, S2020/S2020G Fast Switch 61850 Versions 07A03 and prior. An attacker can inject arbitrary Javascript in a specially crafted HTTP request that may be reflected back in the HTTP response. The device is also vulnerable to a stored cross-site scripting vulnerability that may allow session hijacking, disclosure of sensitive data, cross-site request forgery (CSRF) attacks, and remote code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u0027CROSS-SITE SCRIPTING\u0027) CWE-79",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-12-18T19:37:46.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.us-cert.gov/ics/advisories/icsa-19-351-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2019-18267",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GE S2020/S2020G Fast Switch 61850",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "S2020/S2020G Fast Switch 61850 Versions 07A03 and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was found in GE S2020/S2020G Fast Switch 61850, S2020/S2020G Fast Switch 61850 Versions 07A03 and prior. An attacker can inject arbitrary Javascript in a specially crafted HTTP request that may be reflected back in the HTTP response. The device is also vulnerable to a stored cross-site scripting vulnerability that may allow session hijacking, disclosure of sensitive data, cross-site request forgery (CSRF) attacks, and remote code execution."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u0027CROSS-SITE SCRIPTING\u0027) CWE-79"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.us-cert.gov/ics/advisories/icsa-19-351-01",
                  "refsource": "MISC",
                  "url": "https://www.us-cert.gov/ics/advisories/icsa-19-351-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2019-18267",
        "datePublished": "2019-12-18T19:37:46.000Z",
        "dateReserved": "2019-10-22T00:00:00.000Z",
        "dateUpdated": "2024-08-05T01:47:14.086Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }