What is CVE-2020-11420?

CVE-2020-11420 is a vulnerability in UPS Adapter CS141 before version 1.90 that allows Directory Traversal, enabling an attacker to access files and directories outside the web root folder.

How severe is CVE-2020-11420?

CVE-2020-11420 has a severity value of 6.5, which is considered medium.

What software is affected by CVE-2020-11420?

The affected software includes ABB CS141 Firmware versions 1.66 to 1.88, and Generex CS141 Firmware up to version 1.90.

How can an attacker exploit CVE-2020-11420?

An attacker with Admin or Engineer login credentials can exploit CVE-2020-11420 by manipulating variables that reference files and gaining access to files and directories outside the web root folder.

Where can I find more information on CVE-2020-11420?

You can find more information on CVE-2020-11420 in the security advisories provided by ABB and Generex, as well as on the Generex website.

Vulnerability/
CVE-2020-11420

medium

6.5

CWE

27/4/2020

4/8/2024

CVE-2020-11420: Path Traversal

First published: Mon Apr 27 2020(Updated: )

UPS Adapter CS141 before 1.90 allows Directory Traversal. An attacker with Admin or Engineer login credentials could exploit the vulnerability by manipulating variables that reference files and by doing this achieve access to files and directories outside the web root folder. An attacker may access arbitrary files and directories stored in the file system, but integrity of the files are not jeopardized as attacker have read access rights only.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Abb Cs141 Firmware	>=1.66<=1.88
Abb Cs141
Generex Cs141 Firmware	<1.90
Generex CS141

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2020-11420?
CVE-2020-11420 is a vulnerability in UPS Adapter CS141 before version 1.90 that allows Directory Traversal, enabling an attacker to access files and directories outside the web root folder.
How severe is CVE-2020-11420?
CVE-2020-11420 has a severity value of 6.5, which is considered medium.
What software is affected by CVE-2020-11420?
The affected software includes ABB CS141 Firmware versions 1.66 to 1.88, and Generex CS141 Firmware up to version 1.90.
How can an attacker exploit CVE-2020-11420?
An attacker with Admin or Engineer login credentials can exploit CVE-2020-11420 by manipulating variables that reference files and gaining access to files and directories outside the web root folder.
Where can I find more information on CVE-2020-11420?
You can find more information on CVE-2020-11420 in the security advisories provided by ABB and Generex, as well as on the Generex website.

collector/nvd-index
agent/references
agent/severity
agent/weakness
agent/author
agent/description
agent/type
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
agent/tags
agent/event
collector/mitre-cve
source/MITRE
vendor/abb
canonical/abb cs141 firmware
version/abb cs141 firmware/1.66
version/abb cs141 firmware/1.88
canonical/abb cs141
vendor/generex
canonical/generex cs141 firmware
canonical/generex cs141

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.