CVE-2020-16242: GE Reason S20 Ethernet Switch
First published: Tue Sep 22 2020(Updated: )
The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow an attacker to trick application users into performing critical application actions that include, but are not limited to, adding and updating accounts.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ge S2020 Firmware | <07a06 | |
| GE S2020 | ||
| Ge S2024 Firmware | <07a06 | |
| Ge S2024 | ||
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2020-16242.
What is the severity of CVE-2020-16242?
The severity of CVE-2020-16242 is medium with a CVSS score of 6.1.
What software is affected by CVE-2020-16242?
The affected software for CVE-2020-16242 is Ge S2020 Firmware version up to 07a06 and Ge S2024 Firmware version up to 07a06.
What is cross-site scripting (XSS)?
Cross-site scripting (XSS) is a type of security vulnerability that allows attackers to inject malicious scripts into web applications viewed by other users.
What actions can an attacker perform with CVE-2020-16242?
An attacker can trick application users into performing critical application actions, such as adding and updating accounts, with CVE-2020-16242.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/weakness
- agent/references
- agent/title
- agent/last-modified-date
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- collector/ics-cert-advisory
- source/ICS
- vendor/ge
- canonical/ge s2020 firmware
- canonical/ge s2020
- canonical/ge s2024 firmware
- canonical/ge s2024