Search criteria
2 vulnerabilities found for s2020 by ge
VAR-201912-0999
Vulnerability from variot - Updated: 2023-12-18 12:56An issue was found in GE S2020/S2020G Fast Switch 61850, S2020/S2020G Fast Switch 61850 Versions 07A03 and prior. An attacker can inject arbitrary Javascript in a specially crafted HTTP request that may be reflected back in the HTTP response. The device is also vulnerable to a stored cross-site scripting vulnerability that may allow session hijacking, disclosure of sensitive data, cross-site request forgery (CSRF) attacks, and remote code execution. GE S2020 and S2020G Fast Switch 61850 Contains a cross-site scripting vulnerability.The information may be obtained and the information may be falsified. An attacker could use this vulnerability to inject arbitrary code
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201912-0999",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "s2020",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "07a03"
},
{
"model": "s2020g",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "07a03"
},
{
"model": "s2020",
"scope": "lte",
"trust": 0.8,
"vendor": "general electric",
"version": "07a03"
},
{
"model": "s2020g",
"scope": "lte",
"trust": 0.8,
"vendor": "general electric",
"version": "07a03"
},
{
"model": "electric s2020/s2020g fast switch \u003c=07a03",
"scope": "eq",
"trust": 0.6,
"vendor": "general",
"version": "61850"
},
{
"model": "s2020",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": null
},
{
"model": "s2020g",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-04657"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013870"
},
{
"db": "NVD",
"id": "CVE-2019-18267"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-821"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:ge:s2020_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "07a03",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:ge:s2020:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:ge:s2020g_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "07a03",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:ge:s2020g:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-18267"
}
]
},
"cve": "CVE-2019-18267",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.5,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-18267",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CNVD-2020-04657",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.4,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2019-18267",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-18267",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2020-04657",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201912-821",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-04657"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013870"
},
{
"db": "NVD",
"id": "CVE-2019-18267"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-821"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was found in GE S2020/S2020G Fast Switch 61850, S2020/S2020G Fast Switch 61850 Versions 07A03 and prior. An attacker can inject arbitrary Javascript in a specially crafted HTTP request that may be reflected back in the HTTP response. The device is also vulnerable to a stored cross-site scripting vulnerability that may allow session hijacking, disclosure of sensitive data, cross-site request forgery (CSRF) attacks, and remote code execution. GE S2020 and S2020G Fast Switch 61850 Contains a cross-site scripting vulnerability.The information may be obtained and the information may be falsified. An attacker could use this vulnerability to inject arbitrary code",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-18267"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013870"
},
{
"db": "CNVD",
"id": "CNVD-2020-04657"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-19-351-01",
"trust": 3.0
},
{
"db": "NVD",
"id": "CVE-2019-18267",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013870",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-04657",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4706",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201912-821",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-04657"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013870"
},
{
"db": "NVD",
"id": "CVE-2019-18267"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-821"
}
]
},
"id": "VAR-201912-0999",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-04657"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-04657"
}
]
},
"last_update_date": "2023-12-18T12:56:15.179000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.ge.com/"
},
{
"title": "Patch for GE S2020 / S2020G Fast Switch 61850 Cross-Site Scripting Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/199965"
},
{
"title": "S2020/S2020G Fast Switch 61850 Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=105928"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-04657"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013870"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-821"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013870"
},
{
"db": "NVD",
"id": "CVE-2019-18267"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-351-01"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18267"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18267"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4706/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-04657"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013870"
},
{
"db": "NVD",
"id": "CVE-2019-18267"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-821"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-04657"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013870"
},
{
"db": "NVD",
"id": "CVE-2019-18267"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-821"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-04657"
},
{
"date": "2020-01-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013870"
},
{
"date": "2019-12-18T20:15:16.383000",
"db": "NVD",
"id": "CVE-2019-18267"
},
{
"date": "2019-12-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-821"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-04657"
},
{
"date": "2020-01-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013870"
},
{
"date": "2020-01-07T18:33:28.163000",
"db": "NVD",
"id": "CVE-2019-18267"
},
{
"date": "2020-01-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-821"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-821"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE S2020 and S2020G Fast Switch 61850 Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013870"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-821"
}
],
"trust": 0.6
}
}
VAR-202009-0599
Vulnerability from variot - Updated: 2023-12-18 11:57The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow an attacker to trick application users into performing critical application actions that include, but are not limited to, adding and updating accounts. Reason S20 The series is General Electric An industrial managed Ethernet switch provided by the company. Reason S20 There are several vulnerabilities in the series: * Cross-site scripting (CWE-79) - CVE-2020-16242 * Cross-site scripting (CWE-79) - CVE-2020-16246The expected impact depends on each vulnerability, but it may be affected as follows. - CVE-2020-16242 * A remote third party can use cross-site scripting to execute arbitrary scripts on the user's web browser. - CVE-2020-16246
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202009-0599",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "s2024",
"scope": "lt",
"trust": 1.0,
"vendor": "ge",
"version": "07a06"
},
{
"model": "s2020",
"scope": "lt",
"trust": 1.0,
"vendor": "ge",
"version": "07a06"
},
{
"model": "s2020",
"scope": "eq",
"trust": 0.8,
"vendor": "general electric",
"version": "07a06"
},
{
"model": "s2024",
"scope": "eq",
"trust": 0.8,
"vendor": "general electric",
"version": "07a06"
},
{
"model": "electric reason s20 ethernet switch \u003cs2020 07a06",
"scope": null,
"trust": 0.6,
"vendor": "general",
"version": null
},
{
"model": "electric reason s20 ethernet switch \u003cs2024 07a06",
"scope": null,
"trust": 0.6,
"vendor": "general",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-53778"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008763"
},
{
"db": "NVD",
"id": "CVE-2020-16242"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:ge:s2020_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "07a06",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:ge:s2020:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:ge:s2024_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "07a06",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:ge:s2024:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-16242"
}
]
},
"cve": "CVE-2020-16242",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-53778",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2020-16242",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-008763",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-008763",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2020-008763",
"trust": 1.6,
"value": "Medium"
},
{
"author": "NVD",
"id": "CVE-2020-16242",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2020-53778",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202009-1316",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-16242",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-53778"
},
{
"db": "VULMON",
"id": "CVE-2020-16242"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008763"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008763"
},
{
"db": "NVD",
"id": "CVE-2020-16242"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1316"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow an attacker to trick application users into performing critical application actions that include, but are not limited to, adding and updating accounts. Reason S20 The series is General Electric An industrial managed Ethernet switch provided by the company. Reason S20 There are several vulnerabilities in the series: * Cross-site scripting (CWE-79) - CVE-2020-16242 * Cross-site scripting (CWE-79) - CVE-2020-16246The expected impact depends on each vulnerability, but it may be affected as follows. - CVE-2020-16242 * A remote third party can use cross-site scripting to execute arbitrary scripts on the user\u0027s web browser. - CVE-2020-16246",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-16242"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008763"
},
{
"db": "CNVD",
"id": "CNVD-2020-53778"
},
{
"db": "VULMON",
"id": "CVE-2020-16242"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-16242",
"trust": 3.1
},
{
"db": "ICS CERT",
"id": "ICSA-20-266-02",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVNVU94954118",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008763",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-53778",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3265",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1316",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-16242",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-53778"
},
{
"db": "VULMON",
"id": "CVE-2020-16242"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008763"
},
{
"db": "NVD",
"id": "CVE-2020-16242"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1316"
}
]
},
"id": "VAR-202009-0599",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-53778"
}
],
"trust": 0.8999999999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-53778"
}
]
},
"last_update_date": "2023-12-18T11:57:58.996000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Reason S20",
"trust": 0.8,
"url": "https://www.gegridsolutions.com/app/viewfiles.aspx?prod=s20\u0026type=7"
},
{
"title": "Reason S20 Industrial Managed Ethernet Switch Firmware version 07A06 Release Notes",
"trust": 0.8,
"url": "https://www.gegridsolutions.com/products/software/reason-s20-fw-07a06-release-notes.pdf"
},
{
"title": "Patch for GE Reason S20 Ethernet Switch cross-site scripting vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/235468"
},
{
"title": "GE Reason S20 managed Ethernet switches Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=131081"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2020-16242 "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-53778"
},
{
"db": "VULMON",
"id": "CVE-2020-16242"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008763"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1316"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-16242"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.7,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-266-02"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16242"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16246"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu94954118/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16242"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3265/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2020-16242"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-53778"
},
{
"db": "VULMON",
"id": "CVE-2020-16242"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008763"
},
{
"db": "NVD",
"id": "CVE-2020-16242"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1316"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-53778"
},
{
"db": "VULMON",
"id": "CVE-2020-16242"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008763"
},
{
"db": "NVD",
"id": "CVE-2020-16242"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1316"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-53778"
},
{
"date": "2020-09-25T00:00:00",
"db": "VULMON",
"id": "CVE-2020-16242"
},
{
"date": "2020-09-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-008763"
},
{
"date": "2020-09-25T18:15:15.113000",
"db": "NVD",
"id": "CVE-2020-16242"
},
{
"date": "2020-09-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-1316"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-53778"
},
{
"date": "2023-01-31T00:00:00",
"db": "VULMON",
"id": "CVE-2020-16242"
},
{
"date": "2020-09-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-008763"
},
{
"date": "2023-01-31T21:36:13.183000",
"db": "NVD",
"id": "CVE-2020-16242"
},
{
"date": "2020-10-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-1316"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-1316"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Made Reason S20 Multiple cross-site scripting vulnerabilities in the series",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008763"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-1316"
}
],
"trust": 0.6
}
}