CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-7484
https://notcve.org/view.php?id=CVE-2020-7484
**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability with the former 'password' feature could allow a denial of service attack if the user is not following documented guidelines pertaining to dedicated TriStation connection and key-switch protection. This vulnerability was discovered and remediated in versions v4.9.1 and v4.10.1 on May 30, 2013. This feature is not present in version v4.9.1 and v4.10.1 through current. Therefore, the vulnerability is not present in these versions. **VERSIÓN NO COMPATIBLE CUANDO SE ASIGNÓ** Una vulnerabilidad con la antigua funcionalidad "password" podría permitir un ataque de denegación de servicio si el usuario no sigue las directrices documentadas relativas a la conexión de TriStation dedicada y a la protección key-switch. • https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01 https://www.se.com/ww/en/download/document/SESB-2020-105-01 •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-7483
https://notcve.org/view.php?id=CVE-2020-7483
**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability could cause certain data to be visible on the network when the 'password' feature is enabled. This vulnerability was discovered in and remediated in versions v4.9.1 and v4.10.1 on May 30, 2013. The 'password' feature is an additional optional check performed by TS1131 that it is connected to a specific controller. This data is sent as clear text and is visible on the network. This feature is not present in TriStation 1131 versions v4.9.1 and v4.10.1 through current. • https://us-cert.cisa.gov/ics/advisories/icsa-20-205-01 https://www.se.com/ww/en/download/document/SESB-2020-105-01 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 9.8EPSS: 2%CPEs: 22EXPL: 0CVE-2020-7480
https://notcve.org/view.php?id=CVE-2020-7480
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists in Andover Continuum (All versions), which could cause files on the application server filesystem to be viewable when an attacker interferes with an application's processing of XML data. Una CWE-94: Se presenta una vulnerabilidad de Control Inapropiado de la Generación de Código ("Inyección de código") en Andover Continuum (Todas las versiones), lo que podría causar que los archivos en el sistema de archivos del servidor de aplicaciones sean visibles cuando un atacante interfiere con el procesamiento de datos XML de una aplicación. • https://www.se.com/ww/en/download/document/SEVD-2020-070-04 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: 22EXPL: 0CVE-2020-7482
https://notcve.org/view.php?id=CVE-2020-7482
A CWE-79:Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists Andover Continuum (All versions), which could cause a Reflective Cross-site Scripting (XSS attack) when using the products' web server. Una CWE-79: Se presenta una vulnerabilidad de Neutralización Inapropiada de la Entrada Durante la Generación de Páginas Web ("Cross-site Scripting") en Andover Continuum (Todas las versiones), lo que podría causar un ataque de tipo Cross-site Scripting (ataque XSS) Reflexivo cuando se usa el servidor web de los productos. • https://www.se.com/ww/en/download/document/SEVD-2020-070-04 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 22EXPL: 0CVE-2020-7481
https://notcve.org/view.php?id=CVE-2020-7481
A CWE-79:Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists Andover Continuum (All versions), which could enable a successful Cross-site Scripting (XSS attack) when using the products' web server. Una CWE-79: Se presenta una vulnerabilidad de Neutralización Inapropiada de la Entrada Durante la Generación de Páginas Web ("Cross-site Scripting") en Andover Continuum (Todas las versiones), lo que podría permitir un ataque de tipo Cross-site Scripting (ataque XSS) con éxito cuando se usa el servidor web de los productos. • https://www.se.com/ww/en/download/document/SEVD-2020-070-04 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •