← Back

CVE-2020-7481

nvd nist
Published: Mar 23, 2020Modified: Nov 21, 2024

JSON object

Loading...
6.1
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 / Impact: 2.7
Source: NVD

Description

A CWE-79:Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists Andover Continuum (All versions), which could enable a successful Cross-site Scripting (XSS attack) when using the products' web server.

Affected (11)

Schneider Electric
11 products
Andover Continuum 9680 Firmware
Andover Continuum 5740 Firmware
Andover Continuum 5720 Firmware
Andover Continuum Bcx4040 Firmware
Andover Continuum Bcx9640 Firmware
Andover Continuum 9900 Firmware
Andover Continuum 9940 Firmware
Andover Continuum 9941 Firmware
Andover Continuum 9924 Firmware
Andover Continuum 9702 Firmware
Andover Continuum 9200 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Andover Continuum 9680 Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Andover Continuum 9680
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Andover Continuum 5740 Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Andover Continuum 5740
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Andover Continuum 5720 Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Andover Continuum 5720
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Andover Continuum Bcx4040 Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Andover Continuum Bcx4040
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Andover Continuum Bcx9640 Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Andover Continuum Bcx9640
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Andover Continuum 9900 Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Andover Continuum 9900
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Andover Continuum 9940 Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Andover Continuum 9940
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Andover Continuum 9941 Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Andover Continuum 9941
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Andover Continuum 9924 Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Andover Continuum 9924
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Andover Continuum 9702 Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Andover Continuum 9702
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Andover Continuum 9200 Firmware
All versions
Running on/withPlatform Versions
Schneider Electric
Andover Continuum 9200
All versions

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

Source: cybersecurity@se.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.