CVE-2020-14502 (GCVE-0-2020-14502)

Vulnerability from cvelistv5 – Published: 2022-02-24 18:26 – Updated: 2025-04-17 18:48
VLAI?
Summary
The web interface of the 1734-AENTR communication module is vulnerable to stored XSS. A remote, unauthenticated attacker could store a malicious script within the web interface that, when executed, could modify some string values on the homepage of the web interface.
Severity ?
6.1 (Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CWE
  • CWE-79 - Cross-site Scripting (XSS)
Assigner
References
Impacted products
Vendor Product Version
Rockwell Automation 1734-AENTR Affected: Series B 4.001 to 4.005, and 5.011 to 5.017
Affected: Series C 6.011 and 6.012
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:46:34.804Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-063-01"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.1,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2020-14502",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-17T17:51:29.104075Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-17T18:48:11.572Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "1734-AENTR",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "Series B 4.001 to 4.005, and 5.011 to 5.017"
            },
            {
              "status": "affected",
              "version": "Series C 6.011 and 6.012"
            }
          ]
        }
      ],
      "datePublic": "2021-03-04T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The web interface of the 1734-AENTR communication module is vulnerable to stored XSS. A remote, unauthenticated attacker could store a malicious script within the web interface that, when executed, could modify some string values on the homepage of the web interface."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Cross-site Scripting (XSS)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-02-24T18:26:57.000Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-063-01"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "DATE_PUBLIC": "2021-03-04T17:00:00.000Z",
          "ID": "CVE-2020-14502",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "1734-AENTR",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_name": "Series B",
                            "version_value": "4.001 to 4.005, and 5.011 to 5.017"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "Series C",
                            "version_value": "6.011 and 6.012"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Rockwell Automation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The web interface of the 1734-AENTR communication module is vulnerable to stored XSS. A remote, unauthenticated attacker could store a malicious script within the web interface that, when executed, could modify some string values on the homepage of the web interface."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79 Cross-site Scripting (XSS)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-063-01",
              "refsource": "MISC",
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-063-01"
            }
          ]
        },
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2020-14502",
    "datePublished": "2022-02-24T18:26:57.475Z",
    "dateReserved": "2020-06-19T00:00:00.000Z",
    "dateUpdated": "2025-04-17T18:48:11.572Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:rockwellautomation:1734-aentr_point_i\\\\/o_dual_port_network_adaptor_series_b_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.001\", \"versionEndIncluding\": \"4.005\", \"matchCriteriaId\": \"DC7EE03C-DA81-40CC-B522-8483E5481DCB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:rockwellautomation:1734-aentr_point_i\\\\/o_dual_port_network_adaptor_series_b_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.011\", \"versionEndIncluding\": \"5.017\", \"matchCriteriaId\": \"593FCDBB-E5D0-4E57-B10C-3FA3C72CDD75\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:rockwellautomation:1734-aentr_point_i\\\\/o_dual_port_network_adaptor_series_b:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EAD4BA02-28F4-4138-9E52-C12042DD997C\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:rockwellautomation:1734-aentr_point_i\\\\/o_dual_port_network_adaptor_series_c_firmware:6.011:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B44E467A-31EE-46BE-82AA-101C7C2EDC7A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:rockwellautomation:1734-aentr_point_i\\\\/o_dual_port_network_adaptor_series_c_firmware:6.012:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"46D0F84C-6F68-4E2D-99AF-FA9E0682A24C\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:rockwellautomation:1734-aentr_point_i\\\\/o_dual_port_network_adaptor_series_c:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"490F9ECB-1303-4457-9D20-8ADAC160AF6C\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The web interface of the 1734-AENTR communication module is vulnerable to stored XSS. A remote, unauthenticated attacker could store a malicious script within the web interface that, when executed, could modify some string values on the homepage of the web interface.\"}, {\"lang\": \"es\", \"value\": \"La interfaz web del m\\u00f3dulo de comunicaci\\u00f3n 1734-AENTR es vulnerable a un ataque de tipo XSS almacenado. Un atacante remoto no autenticado podr\\u00eda almacenar un script malicioso dentro de la interfaz web que, cuando sea ejecutado, podr\\u00eda modificar algunos valores de cadena en la p\\u00e1gina de inicio de la interfaz web\"}]",
      "id": "CVE-2020-14502",
      "lastModified": "2024-11-21T05:03:24.597",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.7}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2022-02-24T19:15:08.900",
      "references": "[{\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-21-063-01\", \"source\": \"ics-cert@hq.dhs.gov\", \"tags\": [\"Mitigation\", \"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-21-063-01\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Third Party Advisory\", \"US Government Resource\"]}]",
      "sourceIdentifier": "ics-cert@hq.dhs.gov",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"ics-cert@hq.dhs.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-14502\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2022-02-24T19:15:08.900\",\"lastModified\":\"2025-04-17T19:15:50.403\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The web interface of the 1734-AENTR communication module is vulnerable to stored XSS. A remote, unauthenticated attacker could store a malicious script within the web interface that, when executed, could modify some string values on the homepage of the web interface.\"},{\"lang\":\"es\",\"value\":\"La interfaz web del m\u00f3dulo de comunicaci\u00f3n 1734-AENTR es vulnerable a un ataque de tipo XSS almacenado. Un atacante remoto no autenticado podr\u00eda almacenar un script malicioso dentro de la interfaz web que, cuando sea ejecutado, podr\u00eda modificar algunos valores de cadena en la p\u00e1gina de inicio de la interfaz web\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:rockwellautomation:1734-aentr_point_i\\\\/o_dual_port_network_adaptor_series_b_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.001\",\"versionEndIncluding\":\"4.005\",\"matchCriteriaId\":\"DC7EE03C-DA81-40CC-B522-8483E5481DCB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:rockwellautomation:1734-aentr_point_i\\\\/o_dual_port_network_adaptor_series_b_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.011\",\"versionEndIncluding\":\"5.017\",\"matchCriteriaId\":\"593FCDBB-E5D0-4E57-B10C-3FA3C72CDD75\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:rockwellautomation:1734-aentr_point_i\\\\/o_dual_port_network_adaptor_series_b:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EAD4BA02-28F4-4138-9E52-C12042DD997C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:rockwellautomation:1734-aentr_point_i\\\\/o_dual_port_network_adaptor_series_c_firmware:6.011:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B44E467A-31EE-46BE-82AA-101C7C2EDC7A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:rockwellautomation:1734-aentr_point_i\\\\/o_dual_port_network_adaptor_series_c_firmware:6.012:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46D0F84C-6F68-4E2D-99AF-FA9E0682A24C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:rockwellautomation:1734-aentr_point_i\\\\/o_dual_port_network_adaptor_series_c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"490F9ECB-1303-4457-9D20-8ADAC160AF6C\"}]}]}],\"references\":[{\"url\":\"https://www.cisa.gov/uscert/ics/advisories/icsa-21-063-01\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Mitigation\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.cisa.gov/uscert/ics/advisories/icsa-21-063-01\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Third Party Advisory\",\"US Government Resource\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-21-063-01\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T12:46:34.804Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 6.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2020-14502\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-17T17:51:29.104075Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-17T17:51:47.573Z\"}}], \"cna\": {\"source\": {\"discovery\": \"EXTERNAL\"}, \"affected\": [{\"vendor\": \"Rockwell Automation\", \"product\": \"1734-AENTR\", \"versions\": [{\"status\": \"affected\", \"version\": \"Series B 4.001 to 4.005, and 5.011 to 5.017\"}, {\"status\": \"affected\", \"version\": \"Series C 6.011 and 6.012\"}]}], \"datePublic\": \"2021-03-04T00:00:00.000Z\", \"references\": [{\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-21-063-01\", \"tags\": [\"x_refsource_MISC\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.0.9\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"The web interface of the 1734-AENTR communication module is vulnerable to stored XSS. A remote, unauthenticated attacker could store a malicious script within the web interface that, when executed, could modify some string values on the homepage of the web interface.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"CWE-79 Cross-site Scripting (XSS)\"}]}], \"providerMetadata\": {\"orgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"shortName\": \"icscert\", \"dateUpdated\": \"2022-02-24T18:26:57.000Z\"}, \"x_legacyV4Record\": {\"source\": {\"discovery\": \"EXTERNAL\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_name\": \"Series B\", \"version_value\": \"4.001 to 4.005, and 5.011 to 5.017\", \"version_affected\": \"=\"}, {\"version_name\": \"Series C\", \"version_value\": \"6.011 and 6.012\", \"version_affected\": \"=\"}]}, \"product_name\": \"1734-AENTR\"}]}, \"vendor_name\": \"Rockwell Automation\"}]}}, \"data_type\": \"CVE\", \"generator\": {\"engine\": \"Vulnogram 0.0.9\"}, \"references\": {\"reference_data\": [{\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-21-063-01\", \"name\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-21-063-01\", \"refsource\": \"MISC\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"The web interface of the 1734-AENTR communication module is vulnerable to stored XSS. A remote, unauthenticated attacker could store a malicious script within the web interface that, when executed, could modify some string values on the homepage of the web interface.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-79 Cross-site Scripting (XSS)\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2020-14502\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"ics-cert@hq.dhs.gov\", \"DATE_PUBLIC\": \"2021-03-04T17:00:00.000Z\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2020-14502\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-17T18:48:11.572Z\", \"dateReserved\": \"2020-06-19T00:00:00.000Z\", \"assignerOrgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"datePublished\": \"2022-02-24T18:26:57.475Z\", \"assignerShortName\": \"icscert\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.