What is CVE-2020-16246 vulnerability?

CVE-2020-16246 is a vulnerability in the Reason S20 Ethernet Switch that allows attackers to execute malicious JavaScript on the vulnerable site through cross-site scripting (XSS) attacks.

How does CVE-2020-16246 work?

CVE-2020-16246 works by tricking users into visiting a page or following a link that contains a malicious JavaScript statement, which is then rendered by the vulnerable site.

What is the severity of CVE-2020-16246?

CVE-2020-16246 has a severity rating of 6.1, which is considered medium.

What software versions are affected by CVE-2020-16246?

The Ge S2020 and Ge S2024 Ethernet Switches with firmware versions up to 07a06 are affected by CVE-2020-16246.

Is the Ge S2020 and Ge S2024 Ethernet Switches themselves vulnerable?

No, the Ge S2020 and Ge S2024 Ethernet Switches themselves are not vulnerable.

How can I fix CVE-2020-16246 vulnerability?

To fix CVE-2020-16246, it is recommended to update the firmware of the affected Reason S20 Ethernet Switch to a version that is not vulnerable.

Where can I find more information about CVE-2020-16246?

You can find more information about CVE-2020-16246 at the following link: [https://us-cert.cisa.gov/ics/advisories/icsa-20-266-02](https://us-cert.cisa.gov/ics/advisories/icsa-20-266-02)

Vulnerability/
CVE-2020-16246

medium

6.1

CWE

20/10/2020

17/9/2024

CVE-2020-16246: GE Reason S20 Ethernet Switch

First published: Tue Oct 20 2020(Updated: )

The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow attackers to trick users into following a link or navigating to a page that posts a malicious JavaScript statement to the vulnerable site, causing the malicious JavaScript to be rendered by the site and executed by the victim client.

Credit: ics-cert@hq.dhs.gov

Affected Software	Affected Version	How to fix
Ge S2020 Firmware	<07a06
GE S2020
Ge S2024 Firmware	<07a06
Ge S2024

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

ICSA-20-266-02

Frequently Asked Questions

What is CVE-2020-16246 vulnerability?
CVE-2020-16246 is a vulnerability in the Reason S20 Ethernet Switch that allows attackers to execute malicious JavaScript on the vulnerable site through cross-site scripting (XSS) attacks.
How does CVE-2020-16246 work?
CVE-2020-16246 works by tricking users into visiting a page or following a link that contains a malicious JavaScript statement, which is then rendered by the vulnerable site.
What is the severity of CVE-2020-16246?
CVE-2020-16246 has a severity rating of 6.1, which is considered medium.
What software versions are affected by CVE-2020-16246?
The Ge S2020 and Ge S2024 Ethernet Switches with firmware versions up to 07a06 are affected by CVE-2020-16246.
Is the Ge S2020 and Ge S2024 Ethernet Switches themselves vulnerable?
No, the Ge S2020 and Ge S2024 Ethernet Switches themselves are not vulnerable.
How can I fix CVE-2020-16246 vulnerability?
To fix CVE-2020-16246, it is recommended to update the firmware of the affected Reason S20 Ethernet Switch to a version that is not vulnerable.
Where can I find more information about CVE-2020-16246?
You can find more information about CVE-2020-16246 at the following link: [https://us-cert.cisa.gov/ics/advisories/icsa-20-266-02](https://us-cert.cisa.gov/ics/advisories/icsa-20-266-02)

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/author
agent/severity
agent/weakness
agent/references
agent/title
agent/last-modified-date
agent/tags
agent/description
agent/first-publish-date
agent/event
collector/ics-cert-advisory
source/ICS
vendor/ge
canonical/ge s2020 firmware
canonical/ge s2020
canonical/ge s2024 firmware
canonical/ge s2024

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.