VAR-202009-0599
Vulnerability from variot - Updated: 2023-12-18 11:57

The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow an attacker to trick application users into performing critical application actions that include, but are not limited to, adding and updating accounts. The Reason S20 series is an industrial managed Ethernet switch provided by General Electric. There are several vulnerabilities in the Reason S20 series:
* Cross-site scripting (CWE-79) - CVE-2020-16242
* Cross-site scripting (CWE-79) - CVE-2020-16246

The expected impact depends on each vulnerability, but may include the following.
- CVE-2020-16242
  * A remote third party can use cross-site scripting to execute arbitrary scripts in the user's web browser.
- CVE-2020-16246

The NVD configuration data in this record lists S2020 and S2024 firmware versions before 07A06 as vulnerable.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202009-0599",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "s2024",
"scope": "lt",
"trust": 1.0,
"vendor": "ge",
"version": "07a06"
},
{
"model": "s2020",
"scope": "lt",
"trust": 1.0,
"vendor": "ge",
"version": "07a06"
},
{
"model": "s2020",
"scope": "eq",
"trust": 0.8,
"vendor": "general electric",
"version": "07a06"
},
{
"model": "s2024",
"scope": "eq",
"trust": 0.8,
"vendor": "general electric",
"version": "07a06"
},
{
"model": "electric reason s20 ethernet switch \u003cs2020 07a06",
"scope": null,
"trust": 0.6,
"vendor": "general",
"version": null
},
{
"model": "electric reason s20 ethernet switch \u003cs2024 07a06",
"scope": null,
"trust": 0.6,
"vendor": "general",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-53778"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008763"
},
{
"db": "NVD",
"id": "CVE-2020-16242"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:ge:s2020_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "07a06",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:ge:s2020:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:ge:s2024_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "07a06",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:ge:s2024:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-16242"
}
]
},
"cve": "CVE-2020-16242",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-53778",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2020-16242",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-008763",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-008763",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2020-008763",
"trust": 1.6,
"value": "Medium"
},
{
"author": "NVD",
"id": "CVE-2020-16242",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2020-53778",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202009-1316",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-16242",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-53778"
},
{
"db": "VULMON",
"id": "CVE-2020-16242"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008763"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008763"
},
{
"db": "NVD",
"id": "CVE-2020-16242"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1316"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow an attacker to trick application users into performing critical application actions that include, but are not limited to, adding and updating accounts. Reason S20 The series is General Electric An industrial managed Ethernet switch provided by the company. Reason S20 There are several vulnerabilities in the series: * Cross-site scripting (CWE-79) - CVE-2020-16242 * Cross-site scripting (CWE-79) - CVE-2020-16246The expected impact depends on each vulnerability, but it may be affected as follows. - CVE-2020-16242 * A remote third party can use cross-site scripting to execute arbitrary scripts on the user\u0027s web browser. - CVE-2020-16246",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-16242"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008763"
},
{
"db": "CNVD",
"id": "CNVD-2020-53778"
},
{
"db": "VULMON",
"id": "CVE-2020-16242"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-16242",
"trust": 3.1
},
{
"db": "ICS CERT",
"id": "ICSA-20-266-02",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVNVU94954118",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008763",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-53778",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3265",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1316",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-16242",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-53778"
},
{
"db": "VULMON",
"id": "CVE-2020-16242"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008763"
},
{
"db": "NVD",
"id": "CVE-2020-16242"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1316"
}
]
},
"id": "VAR-202009-0599",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-53778"
}
],
"trust": 0.8999999999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-53778"
}
]
},
"last_update_date": "2023-12-18T11:57:58.996000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Reason S20",
"trust": 0.8,
"url": "https://www.gegridsolutions.com/app/viewfiles.aspx?prod=s20\u0026type=7"
},
{
"title": "Reason S20 Industrial Managed Ethernet Switch Firmware version 07A06 Release Notes",
"trust": 0.8,
"url": "https://www.gegridsolutions.com/products/software/reason-s20-fw-07a06-release-notes.pdf"
},
{
"title": "Patch for GE Reason S20 Ethernet Switch cross-site scripting vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/235468"
},
{
"title": "GE Reason S20 managed Ethernet switches Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=131081"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2020-16242 "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-53778"
},
{
"db": "VULMON",
"id": "CVE-2020-16242"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008763"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1316"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-16242"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.7,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-266-02"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16242"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16246"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu94954118/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16242"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3265/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2020-16242"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-53778"
},
{
"db": "VULMON",
"id": "CVE-2020-16242"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008763"
},
{
"db": "NVD",
"id": "CVE-2020-16242"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1316"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-53778"
},
{
"db": "VULMON",
"id": "CVE-2020-16242"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-008763"
},
{
"db": "NVD",
"id": "CVE-2020-16242"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1316"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-53778"
},
{
"date": "2020-09-25T00:00:00",
"db": "VULMON",
"id": "CVE-2020-16242"
},
{
"date": "2020-09-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-008763"
},
{
"date": "2020-09-25T18:15:15.113000",
"db": "NVD",
"id": "CVE-2020-16242"
},
{
"date": "2020-09-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-1316"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-53778"
},
{
"date": "2023-01-31T00:00:00",
"db": "VULMON",
"id": "CVE-2020-16242"
},
{
"date": "2020-09-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-008763"
},
{
"date": "2023-01-31T21:36:13.183000",
"db": "NVD",
"id": "CVE-2020-16242"
},
{
"date": "2020-10-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-1316"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-1316"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Made Reason S20 Multiple cross-site scripting vulnerabilities in the series",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-008763"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-1316"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.