CVE-2020-16242
GE Reason S20 Ethernet Switch
Severity Score
6.1
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow an attacker to trick application users into performing critical application actions that include, but are not limited to, adding and updating accounts.
El Reason S20 Ethernet Switch afectado es vulnerable a un ataque de tipo cross-site scripting (XSS), que pueden permitir a un atacante engañar a los usuarios de la aplicación para llevar a cabo acciones críticas de la aplicación que incluyen, pero no los limita a, agregar y actualizar cuentas
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-07-31 CVE Reserved
- 2020-09-25 CVE Published
- 2024-09-17 CVE Updated
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsa-20-266-02 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ge Search vendor "Ge" | S2020 Firmware Search vendor "Ge" for product "S2020 Firmware" | < 07a06 Search vendor "Ge" for product "S2020 Firmware" and version " < 07a06" | - |
Affected
| in | Ge Search vendor "Ge" | S2020 Search vendor "Ge" for product "S2020" | - | - |
Safe
|
| Ge Search vendor "Ge" | S2024 Firmware Search vendor "Ge" for product "S2024 Firmware" | < 07a06 Search vendor "Ge" for product "S2024 Firmware" and version " < 07a06" | - |
Affected
| in | Ge Search vendor "Ge" | S2024 Search vendor "Ge" for product "S2024" | - | - |
Safe
|