CVE-2020-16246

GE Reason S20 Ethernet Switch

EPSS 0.7%CWE-79

Vexday Risk Score

3Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS —EPSS 0.7%KEV nãoPoC —Patch —

Lifecycle

Oct 20, 2020Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow attackers to trick users into following a link or navigating to a page that posts a malicious JavaScript statement to the vulnerable site, causing the malicious JavaScript to be rendered by the site and executed by the victim client.

Affected products

General Electric · Reason S20 Ethernet Switch

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://us-cert.cisa.gov/ics/advisories/icsa-20-266-02