CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
24.0%
The web interface of the 1734-AENTR communication module is vulnerable to stored XSS. A remote, unauthenticated attacker could store a malicious script within the web interface that, when executed, could modify some string values on the homepage of the web interface.
Vendor | Product | Version | CPE |
---|---|---|---|
rockwellautomation | 1734-aentr_point_i\/o_dual_port_network_adaptor_series_b | - | cpe:2.3:h:rockwellautomation:1734-aentr_point_i\/o_dual_port_network_adaptor_series_b:-:*:*:*:*:*:*:* |
rockwellautomation | 1734-aentr_point_i\/o_dual_port_network_adaptor_series_b_firmware | * | cpe:2.3:o:rockwellautomation:1734-aentr_point_i\/o_dual_port_network_adaptor_series_b_firmware:*:*:*:*:*:*:*:* |
rockwellautomation | 1734-aentr_point_i\/o_dual_port_network_adaptor_series_c | - | cpe:2.3:h:rockwellautomation:1734-aentr_point_i\/o_dual_port_network_adaptor_series_c:-:*:*:*:*:*:*:* |
rockwellautomation | 1734-aentr_point_i\/o_dual_port_network_adaptor_series_c_firmware | 6.011 | cpe:2.3:o:rockwellautomation:1734-aentr_point_i\/o_dual_port_network_adaptor_series_c_firmware:6.011:*:*:*:*:*:*:* |
rockwellautomation | 1734-aentr_point_i\/o_dual_port_network_adaptor_series_c_firmware | 6.012 | cpe:2.3:o:rockwellautomation:1734-aentr_point_i\/o_dual_port_network_adaptor_series_c_firmware:6.012:*:*:*:*:*:*:* |
[
{
"product": "1734-AENTR",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "Series B 4.001 to 4.005, and 5.011 to 5.017"
},
{
"status": "affected",
"version": "Series C 6.011 and 6.012"
}
]
}
]
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
24.0%