Vulnerability Details CVE-2020-14504
The web interface of the 1734-AENTR communication module mishandles authentication for HTTP POST requests. A remote, unauthenticated attacker can send a crafted request that may allow for modification of the configuration settings.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 45.8%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.0
References
Products affected by CVE-2020-14504
-
cpe:2.3:h:rockwellautomation:1734-aentr_point_i/o_dual_port_network_adaptor_series_b:-
-
cpe:2.3:h:rockwellautomation:1734-aentr_point_i/o_dual_port_network_adaptor_series_c:-
-
Rockwellautomation » 1734-Aentr Point I/o Dual Port Network Adaptor Series B Firmware » Version: Anycpe:2.3:o:rockwellautomation:1734-aentr_point_i/o_dual_port_network_adaptor_series_b_firmware:*
-
Rockwellautomation » 1734-Aentr Point I/o Dual Port Network Adaptor Series C Firmware » Version: 6.011cpe:2.3:o:rockwellautomation:1734-aentr_point_i/o_dual_port_network_adaptor_series_c_firmware:6.011
-
Rockwellautomation » 1734-Aentr Point I/o Dual Port Network Adaptor Series C Firmware » Version: 6.012cpe:2.3:o:rockwellautomation:1734-aentr_point_i/o_dual_port_network_adaptor_series_c_firmware:6.012