Search criteria
12 vulnerabilities found for andover_continuum_9924_firmware by schneider-electric
FKIE_CVE-2020-7482
Vulnerability from fkie_nvd - Published: 2020-03-23 20:15 - Updated: 2024-11-21 05:37
Severity ?
Summary
A CWE-79:Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists Andover Continuum (All versions), which could cause a Reflective Cross-site Scripting (XSS attack) when using the products' web server.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:andover_continuum_9680_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6D3343D3-10EA-47A1-9EEC-B8348501BED3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:andover_continuum_9680:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ADB64C97-4C76-4EA1-81BA-BECABB36882F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:andover_continuum_5740_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "911CF8D9-F392-400A-81F0-B55EE724C53F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:andover_continuum_5740:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D425EDA6-288C-4F66-B1E8-D47B52C45371",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:andover_continuum_5720_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88E57181-1965-43F3-BD32-7ADB655353C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:andover_continuum_5720:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD829769-A8A2-4362-83F0-DD8C0C66124C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:andover_continuum_bcx4040_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A7FC4EFC-3227-498A-A387-456AA33D2668",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:andover_continuum_bcx4040:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CB3D1AD-9BAE-4DA5-B32B-63F1A2FEE30B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:andover_continuum_bcx9640_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5AD56546-BE9B-4AC1-8B28-F6F8EA856607",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:andover_continuum_bcx9640:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A0F10A1-AC1F-425B-90D4-ECFFEFF8A6F4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:andover_continuum_9900_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "406F67ED-EBC8-45CB-8281-CC373BDCEA59",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:andover_continuum_9900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49764811-1299-4612-B19E-5D9BE4005186",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:andover_continuum_9940_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8B03092B-591B-42D6-A3FA-5895C298920B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:andover_continuum_9940:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C7C825C-CAB3-4465-B7B8-380E1A20AC0A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:andover_continuum_9941_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "858DC6FD-DCAB-47E8-8795-F86EBC855925",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:andover_continuum_9941:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8AD997D7-5A18-4983-BA8C-D29AA27843C6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:andover_continuum_9924_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "453385B9-4E12-4C66-9F0A-22317444E60F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:andover_continuum_9924:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB35B6B-69DC-4A8A-AE3E-CA9A6127B080",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:andover_continuum_9702_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04246590-7180-4B1B-B75A-09CEACFE1CE3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:andover_continuum_9702:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4F721BC6-0CA1-4431-853D-B2D923A66751",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:andover_continuum_9200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BBFA71DD-1640-4C78-A902-2DCE7E369EE8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:andover_continuum_9200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2DE93F39-BF30-42EF-8387-4C060F075D49",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A CWE-79:Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability exists Andover Continuum (All versions), which could cause a Reflective Cross-site Scripting (XSS attack) when using the products\u0027 web server."
},
{
"lang": "es",
"value": "Una CWE-79: Se presenta una vulnerabilidad de Neutralizaci\u00f3n Inapropiada de la Entrada Durante la Generaci\u00f3n de P\u00e1ginas Web (\"Cross-site Scripting\") en Andover Continuum (Todas las versiones), lo que podr\u00eda causar un ataque de tipo Cross-site Scripting (ataque XSS) Reflexivo cuando se usa el servidor web de los productos."
}
],
"id": "CVE-2020-7482",
"lastModified": "2024-11-21T05:37:14.010",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-23T20:15:12.713",
"references": [
{
"source": "cybersecurity@se.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-070-04/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-070-04/"
}
],
"sourceIdentifier": "cybersecurity@se.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "cybersecurity@se.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-7480
Vulnerability from fkie_nvd - Published: 2020-03-23 20:15 - Updated: 2024-11-21 05:37
Severity ?
Summary
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists in Andover Continuum (All versions), which could cause files on the application server filesystem to be viewable when an attacker interferes with an application's processing of XML data.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:andover_continuum_9680_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6D3343D3-10EA-47A1-9EEC-B8348501BED3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:andover_continuum_9680:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ADB64C97-4C76-4EA1-81BA-BECABB36882F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:andover_continuum_5740_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "911CF8D9-F392-400A-81F0-B55EE724C53F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:andover_continuum_5740:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D425EDA6-288C-4F66-B1E8-D47B52C45371",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:andover_continuum_5720_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88E57181-1965-43F3-BD32-7ADB655353C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:andover_continuum_5720:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD829769-A8A2-4362-83F0-DD8C0C66124C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:andover_continuum_bcx4040_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A7FC4EFC-3227-498A-A387-456AA33D2668",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:andover_continuum_bcx4040:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CB3D1AD-9BAE-4DA5-B32B-63F1A2FEE30B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:andover_continuum_bcx9640_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5AD56546-BE9B-4AC1-8B28-F6F8EA856607",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:andover_continuum_bcx9640:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A0F10A1-AC1F-425B-90D4-ECFFEFF8A6F4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:andover_continuum_9900_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "406F67ED-EBC8-45CB-8281-CC373BDCEA59",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:andover_continuum_9900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49764811-1299-4612-B19E-5D9BE4005186",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:andover_continuum_9940_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8B03092B-591B-42D6-A3FA-5895C298920B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:andover_continuum_9940:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C7C825C-CAB3-4465-B7B8-380E1A20AC0A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:andover_continuum_9941_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "858DC6FD-DCAB-47E8-8795-F86EBC855925",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:andover_continuum_9941:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8AD997D7-5A18-4983-BA8C-D29AA27843C6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:andover_continuum_9924_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "453385B9-4E12-4C66-9F0A-22317444E60F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:andover_continuum_9924:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB35B6B-69DC-4A8A-AE3E-CA9A6127B080",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:andover_continuum_9702_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04246590-7180-4B1B-B75A-09CEACFE1CE3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:andover_continuum_9702:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4F721BC6-0CA1-4431-853D-B2D923A66751",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:andover_continuum_9200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BBFA71DD-1640-4C78-A902-2DCE7E369EE8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:andover_continuum_9200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2DE93F39-BF30-42EF-8387-4C060F075D49",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability exists in Andover Continuum (All versions), which could cause files on the application server filesystem to be viewable when an attacker interferes with an application\u0027s processing of XML data."
},
{
"lang": "es",
"value": "Una CWE-94: Se presenta una vulnerabilidad de Control Inapropiado de la Generaci\u00f3n de C\u00f3digo (\"Inyecci\u00f3n de c\u00f3digo\") en Andover Continuum (Todas las versiones), lo que podr\u00eda causar que los archivos en el sistema de archivos del servidor de aplicaciones sean visibles cuando un atacante interfiere con el procesamiento de datos XML de una aplicaci\u00f3n."
}
],
"id": "CVE-2020-7480",
"lastModified": "2024-11-21T05:37:13.777",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-23T20:15:12.543",
"references": [
{
"source": "cybersecurity@se.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-070-04/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-070-04/"
}
],
"sourceIdentifier": "cybersecurity@se.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "cybersecurity@se.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-7481
Vulnerability from fkie_nvd - Published: 2020-03-23 20:15 - Updated: 2024-11-21 05:37
Severity ?
Summary
A CWE-79:Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists Andover Continuum (All versions), which could enable a successful Cross-site Scripting (XSS attack) when using the products' web server.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:andover_continuum_9680_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6D3343D3-10EA-47A1-9EEC-B8348501BED3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:andover_continuum_9680:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ADB64C97-4C76-4EA1-81BA-BECABB36882F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:andover_continuum_5740_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "911CF8D9-F392-400A-81F0-B55EE724C53F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:andover_continuum_5740:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D425EDA6-288C-4F66-B1E8-D47B52C45371",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:andover_continuum_5720_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88E57181-1965-43F3-BD32-7ADB655353C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:andover_continuum_5720:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD829769-A8A2-4362-83F0-DD8C0C66124C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:andover_continuum_bcx4040_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A7FC4EFC-3227-498A-A387-456AA33D2668",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:andover_continuum_bcx4040:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CB3D1AD-9BAE-4DA5-B32B-63F1A2FEE30B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:andover_continuum_bcx9640_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5AD56546-BE9B-4AC1-8B28-F6F8EA856607",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:andover_continuum_bcx9640:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A0F10A1-AC1F-425B-90D4-ECFFEFF8A6F4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:andover_continuum_9900_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "406F67ED-EBC8-45CB-8281-CC373BDCEA59",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:andover_continuum_9900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49764811-1299-4612-B19E-5D9BE4005186",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:andover_continuum_9940_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8B03092B-591B-42D6-A3FA-5895C298920B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:andover_continuum_9940:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C7C825C-CAB3-4465-B7B8-380E1A20AC0A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:andover_continuum_9941_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "858DC6FD-DCAB-47E8-8795-F86EBC855925",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:andover_continuum_9941:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8AD997D7-5A18-4983-BA8C-D29AA27843C6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:andover_continuum_9924_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "453385B9-4E12-4C66-9F0A-22317444E60F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:andover_continuum_9924:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB35B6B-69DC-4A8A-AE3E-CA9A6127B080",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:andover_continuum_9702_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04246590-7180-4B1B-B75A-09CEACFE1CE3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:andover_continuum_9702:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4F721BC6-0CA1-4431-853D-B2D923A66751",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:andover_continuum_9200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BBFA71DD-1640-4C78-A902-2DCE7E369EE8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:andover_continuum_9200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2DE93F39-BF30-42EF-8387-4C060F075D49",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A CWE-79:Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability exists Andover Continuum (All versions), which could enable a successful Cross-site Scripting (XSS attack) when using the products\u0027 web server."
},
{
"lang": "es",
"value": "Una CWE-79: Se presenta una vulnerabilidad de Neutralizaci\u00f3n Inapropiada de la Entrada Durante la Generaci\u00f3n de P\u00e1ginas Web (\"Cross-site Scripting\") en Andover Continuum (Todas las versiones), lo que podr\u00eda permitir un ataque de tipo Cross-site Scripting (ataque XSS) con \u00e9xito cuando se usa el servidor web de los productos."
}
],
"id": "CVE-2020-7481",
"lastModified": "2024-11-21T05:37:13.897",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-23T20:15:12.620",
"references": [
{
"source": "cybersecurity@se.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-070-04/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-070-04/"
}
],
"sourceIdentifier": "cybersecurity@se.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "cybersecurity@se.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-6853
Vulnerability from fkie_nvd - Published: 2019-11-20 22:15 - Updated: 2024-11-21 04:47
Severity ?
Summary
A CWE-79: Failure to Preserve Web Page Structure vulnerability exists in Andover Continuum (models 9680, 5740 and 5720, bCX4040, bCX9640, 9900, 9940, 9924 and 9702) , which could enable a successful Cross-site Scripting (XSS attack) when using the products web server.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:andover_continuum_9680_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CABA87DF-4D29-41D5-9C04-FCE822E08548",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:andover_continuum_9680:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ADB64C97-4C76-4EA1-81BA-BECABB36882F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:andover_continuum_5740_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3FCDE6F-3C90-4494-A768-B9556822555E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:andover_continuum_5740:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D425EDA6-288C-4F66-B1E8-D47B52C45371",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:andover_continuum_5720_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ADAEA00E-C3B6-42B2-823B-5722033E0C46",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:andover_continuum_5720:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD829769-A8A2-4362-83F0-DD8C0C66124C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:andover_continuum_bcx4040_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D80F1F9E-89E3-4263-AEA6-555226B412B6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:andover_continuum_bcx4040:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CB3D1AD-9BAE-4DA5-B32B-63F1A2FEE30B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:andover_continuum_bcx9640_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B69F42-8AF8-47AA-ABCC-6FCB2ACF8A2B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:andover_continuum_bcx9640:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A0F10A1-AC1F-425B-90D4-ECFFEFF8A6F4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:andover_continuum_9900_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "373C69FE-14ED-4D75-9E60-BFE90F111D19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:andover_continuum_9900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49764811-1299-4612-B19E-5D9BE4005186",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:andover_continuum_9940_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7979C28-2D31-4024-B9F9-5BA824D29216",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:andover_continuum_9940:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C7C825C-CAB3-4465-B7B8-380E1A20AC0A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:andover_continuum_9941_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FAE3F03-CECB-4B21-987E-B9B7EB1BF3B9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:andover_continuum_9941:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8AD997D7-5A18-4983-BA8C-D29AA27843C6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:andover_continuum_9924_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB62B8D7-1157-460B-95A8-DF6F553949CF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:andover_continuum_9924:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB35B6B-69DC-4A8A-AE3E-CA9A6127B080",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:andover_continuum_9702_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14FDC5C2-695A-4349-B392-82AA8459115B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:andover_continuum_9702:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4F721BC6-0CA1-4431-853D-B2D923A66751",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:schneider-electric:andover_continuum_9200_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FC56178-69E7-47BC-9965-25EC3CCD7C05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:schneider-electric:andover_continuum_9200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2DE93F39-BF30-42EF-8387-4C060F075D49",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A CWE-79: Failure to Preserve Web Page Structure vulnerability exists in Andover Continuum (models 9680, 5740 and 5720, bCX4040, bCX9640, 9900, 9940, 9924 and 9702) , which could enable a successful Cross-site Scripting (XSS attack) when using the products web server."
},
{
"lang": "es",
"value": "Una CWE-79: Se presenta una vulnerabilidad de Fallo al Preservar la Estructura de la P\u00e1gina Web en Andover Continuum (modelos 9680, 5740 y 5720, bCX4040, bCX9640, 9900, 9940, 9924 y 9702), lo que podr\u00eda permitir un ataque de tipo Cross-site Scripting (XSS) cuando se utiliza el servidor web de productos."
}
],
"id": "CVE-2019-6853",
"lastModified": "2024-11-21T04:47:17.047",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-20T22:15:12.107",
"references": [
{
"source": "cybersecurity@se.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2019-316-01/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2019-316-01/"
}
],
"sourceIdentifier": "cybersecurity@se.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "cybersecurity@se.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2020-7480 (GCVE-0-2020-7480)
Vulnerability from cvelistv5 – Published: 2020-03-23 19:24 – Updated: 2024-08-04 09:33
VLAI?
Summary
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists in Andover Continuum (All versions), which could cause files on the application server filesystem to be viewable when an attacker interferes with an application's processing of XML data.
Severity ?
No CVSS data available.
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Andover Continuum (All versions) |
Affected:
Andover Continuum (All versions)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.649Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-070-04/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Andover Continuum (All versions)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Andover Continuum (All versions)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability exists in Andover Continuum (All versions), which could cause files on the application server filesystem to be viewable when an attacker interferes with an application\u0027s processing of XML data."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-23T19:24:37",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-070-04/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2020-7480",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Andover Continuum (All versions)",
"version": {
"version_data": [
{
"version_value": "Andover Continuum (All versions)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability exists in Andover Continuum (All versions), which could cause files on the application server filesystem to be viewable when an attacker interferes with an application\u0027s processing of XML data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SEVD-2020-070-04/",
"refsource": "MISC",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-070-04/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2020-7480",
"datePublished": "2020-03-23T19:24:37",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-08-04T09:33:19.649Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7482 (GCVE-0-2020-7482)
Vulnerability from cvelistv5 – Published: 2020-03-23 19:23 – Updated: 2024-08-04 09:33
VLAI?
Summary
A CWE-79:Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists Andover Continuum (All versions), which could cause a Reflective Cross-site Scripting (XSS attack) when using the products' web server.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Andover Continuum (All versions) |
Affected:
Andover Continuum (All versions)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:18.775Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-070-04/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Andover Continuum (All versions)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Andover Continuum (All versions)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-79:Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability exists Andover Continuum (All versions), which could cause a Reflective Cross-site Scripting (XSS attack) when using the products\u0027 web server."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79:Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-23T19:23:57",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-070-04/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2020-7482",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Andover Continuum (All versions)",
"version": {
"version_data": [
{
"version_value": "Andover Continuum (All versions)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-79:Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability exists Andover Continuum (All versions), which could cause a Reflective Cross-site Scripting (XSS attack) when using the products\u0027 web server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79:Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SEVD-2020-070-04/",
"refsource": "MISC",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-070-04/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2020-7482",
"datePublished": "2020-03-23T19:23:57",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-08-04T09:33:18.775Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7481 (GCVE-0-2020-7481)
Vulnerability from cvelistv5 – Published: 2020-03-23 19:23 – Updated: 2024-08-04 09:33
VLAI?
Summary
A CWE-79:Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists Andover Continuum (All versions), which could enable a successful Cross-site Scripting (XSS attack) when using the products' web server.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Andover Continuum (All versions) |
Affected:
Andover Continuum (All versions)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.682Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-070-04/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Andover Continuum (All versions)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Andover Continuum (All versions)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-79:Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability exists Andover Continuum (All versions), which could enable a successful Cross-site Scripting (XSS attack) when using the products\u0027 web server."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79:Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-23T19:23:49",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-070-04/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2020-7481",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Andover Continuum (All versions)",
"version": {
"version_data": [
{
"version_value": "Andover Continuum (All versions)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-79:Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability exists Andover Continuum (All versions), which could enable a successful Cross-site Scripting (XSS attack) when using the products\u0027 web server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79:Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SEVD-2020-070-04/",
"refsource": "MISC",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-070-04/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2020-7481",
"datePublished": "2020-03-23T19:23:49",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-08-04T09:33:19.682Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6853 (GCVE-0-2019-6853)
Vulnerability from cvelistv5 – Published: 2019-11-20 22:01 – Updated: 2024-08-04 20:31
VLAI?
Summary
A CWE-79: Failure to Preserve Web Page Structure vulnerability exists in Andover Continuum (models 9680, 5740 and 5720, bCX4040, bCX9640, 9900, 9940, 9924 and 9702) , which could enable a successful Cross-site Scripting (XSS attack) when using the products web server.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Failure to Preserve Web Page Structure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Schneider Electric | Andover Continuum models 9680, 5740 and 5720, bCX4040, bCX9640, 9900, 9940, 9924 and 9702 |
Affected:
Andover Continuum models 9680
Affected: 5740 and 5720 Affected: bCX4040 Affected: bCX9640 Affected: 9900 Affected: 9940 Affected: 9924 and 9702 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:31:04.456Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2019-316-01/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Andover Continuum models 9680, 5740 and 5720, bCX4040, bCX9640, 9900, 9940, 9924 and 9702",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "Andover Continuum models 9680"
},
{
"status": "affected",
"version": "5740 and 5720"
},
{
"status": "affected",
"version": "bCX4040"
},
{
"status": "affected",
"version": "bCX9640"
},
{
"status": "affected",
"version": "9900"
},
{
"status": "affected",
"version": "9940"
},
{
"status": "affected",
"version": "9924 and 9702"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-79: Failure to Preserve Web Page Structure vulnerability exists in Andover Continuum (models 9680, 5740 and 5720, bCX4040, bCX9640, 9900, 9940, 9924 and 9702) , which could enable a successful Cross-site Scripting (XSS attack) when using the products web server."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Failure to Preserve Web Page Structure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-20T22:01:18",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2019-316-01/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2019-6853",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Andover Continuum models 9680, 5740 and 5720, bCX4040, bCX9640, 9900, 9940, 9924 and 9702",
"version": {
"version_data": [
{
"version_value": "Andover Continuum models 9680"
},
{
"version_value": "5740 and 5720"
},
{
"version_value": "bCX4040"
},
{
"version_value": "bCX9640"
},
{
"version_value": "9900"
},
{
"version_value": "9940"
},
{
"version_value": "9924 and 9702"
}
]
}
}
]
},
"vendor_name": "Schneider Electric"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-79: Failure to Preserve Web Page Structure vulnerability exists in Andover Continuum (models 9680, 5740 and 5720, bCX4040, bCX9640, 9900, 9940, 9924 and 9702) , which could enable a successful Cross-site Scripting (XSS attack) when using the products web server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Failure to Preserve Web Page Structure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SEVD-2019-316-01/",
"refsource": "CONFIRM",
"url": "https://www.se.com/ww/en/download/document/SEVD-2019-316-01/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2019-6853",
"datePublished": "2019-11-20T22:01:18",
"dateReserved": "2019-01-25T00:00:00",
"dateUpdated": "2024-08-04T20:31:04.456Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7480 (GCVE-0-2020-7480)
Vulnerability from nvd – Published: 2020-03-23 19:24 – Updated: 2024-08-04 09:33
VLAI?
Summary
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists in Andover Continuum (All versions), which could cause files on the application server filesystem to be viewable when an attacker interferes with an application's processing of XML data.
Severity ?
No CVSS data available.
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Andover Continuum (All versions) |
Affected:
Andover Continuum (All versions)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.649Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-070-04/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Andover Continuum (All versions)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Andover Continuum (All versions)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability exists in Andover Continuum (All versions), which could cause files on the application server filesystem to be viewable when an attacker interferes with an application\u0027s processing of XML data."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-23T19:24:37",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-070-04/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2020-7480",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Andover Continuum (All versions)",
"version": {
"version_data": [
{
"version_value": "Andover Continuum (All versions)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability exists in Andover Continuum (All versions), which could cause files on the application server filesystem to be viewable when an attacker interferes with an application\u0027s processing of XML data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SEVD-2020-070-04/",
"refsource": "MISC",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-070-04/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2020-7480",
"datePublished": "2020-03-23T19:24:37",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-08-04T09:33:19.649Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7482 (GCVE-0-2020-7482)
Vulnerability from nvd – Published: 2020-03-23 19:23 – Updated: 2024-08-04 09:33
VLAI?
Summary
A CWE-79:Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists Andover Continuum (All versions), which could cause a Reflective Cross-site Scripting (XSS attack) when using the products' web server.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Andover Continuum (All versions) |
Affected:
Andover Continuum (All versions)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:18.775Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-070-04/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Andover Continuum (All versions)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Andover Continuum (All versions)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-79:Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability exists Andover Continuum (All versions), which could cause a Reflective Cross-site Scripting (XSS attack) when using the products\u0027 web server."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79:Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-23T19:23:57",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-070-04/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2020-7482",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Andover Continuum (All versions)",
"version": {
"version_data": [
{
"version_value": "Andover Continuum (All versions)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-79:Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability exists Andover Continuum (All versions), which could cause a Reflective Cross-site Scripting (XSS attack) when using the products\u0027 web server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79:Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SEVD-2020-070-04/",
"refsource": "MISC",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-070-04/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2020-7482",
"datePublished": "2020-03-23T19:23:57",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-08-04T09:33:18.775Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7481 (GCVE-0-2020-7481)
Vulnerability from nvd – Published: 2020-03-23 19:23 – Updated: 2024-08-04 09:33
VLAI?
Summary
A CWE-79:Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists Andover Continuum (All versions), which could enable a successful Cross-site Scripting (XSS attack) when using the products' web server.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Andover Continuum (All versions) |
Affected:
Andover Continuum (All versions)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.682Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-070-04/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Andover Continuum (All versions)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Andover Continuum (All versions)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-79:Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability exists Andover Continuum (All versions), which could enable a successful Cross-site Scripting (XSS attack) when using the products\u0027 web server."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79:Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-23T19:23:49",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-070-04/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2020-7481",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Andover Continuum (All versions)",
"version": {
"version_data": [
{
"version_value": "Andover Continuum (All versions)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-79:Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability exists Andover Continuum (All versions), which could enable a successful Cross-site Scripting (XSS attack) when using the products\u0027 web server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79:Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SEVD-2020-070-04/",
"refsource": "MISC",
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-070-04/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2020-7481",
"datePublished": "2020-03-23T19:23:49",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-08-04T09:33:19.682Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6853 (GCVE-0-2019-6853)
Vulnerability from nvd – Published: 2019-11-20 22:01 – Updated: 2024-08-04 20:31
VLAI?
Summary
A CWE-79: Failure to Preserve Web Page Structure vulnerability exists in Andover Continuum (models 9680, 5740 and 5720, bCX4040, bCX9640, 9900, 9940, 9924 and 9702) , which could enable a successful Cross-site Scripting (XSS attack) when using the products web server.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Failure to Preserve Web Page Structure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Schneider Electric | Andover Continuum models 9680, 5740 and 5720, bCX4040, bCX9640, 9900, 9940, 9924 and 9702 |
Affected:
Andover Continuum models 9680
Affected: 5740 and 5720 Affected: bCX4040 Affected: bCX9640 Affected: 9900 Affected: 9940 Affected: 9924 and 9702 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:31:04.456Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2019-316-01/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Andover Continuum models 9680, 5740 and 5720, bCX4040, bCX9640, 9900, 9940, 9924 and 9702",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "Andover Continuum models 9680"
},
{
"status": "affected",
"version": "5740 and 5720"
},
{
"status": "affected",
"version": "bCX4040"
},
{
"status": "affected",
"version": "bCX9640"
},
{
"status": "affected",
"version": "9900"
},
{
"status": "affected",
"version": "9940"
},
{
"status": "affected",
"version": "9924 and 9702"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-79: Failure to Preserve Web Page Structure vulnerability exists in Andover Continuum (models 9680, 5740 and 5720, bCX4040, bCX9640, 9900, 9940, 9924 and 9702) , which could enable a successful Cross-site Scripting (XSS attack) when using the products web server."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Failure to Preserve Web Page Structure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-20T22:01:18",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2019-316-01/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2019-6853",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Andover Continuum models 9680, 5740 and 5720, bCX4040, bCX9640, 9900, 9940, 9924 and 9702",
"version": {
"version_data": [
{
"version_value": "Andover Continuum models 9680"
},
{
"version_value": "5740 and 5720"
},
{
"version_value": "bCX4040"
},
{
"version_value": "bCX9640"
},
{
"version_value": "9900"
},
{
"version_value": "9940"
},
{
"version_value": "9924 and 9702"
}
]
}
}
]
},
"vendor_name": "Schneider Electric"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-79: Failure to Preserve Web Page Structure vulnerability exists in Andover Continuum (models 9680, 5740 and 5720, bCX4040, bCX9640, 9900, 9940, 9924 and 9702) , which could enable a successful Cross-site Scripting (XSS attack) when using the products web server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Failure to Preserve Web Page Structure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SEVD-2019-316-01/",
"refsource": "CONFIRM",
"url": "https://www.se.com/ww/en/download/document/SEVD-2019-316-01/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2019-6853",
"datePublished": "2019-11-20T22:01:18",
"dateReserved": "2019-01-25T00:00:00",
"dateUpdated": "2024-08-04T20:31:04.456Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}