CVE-2020-14504

Published: Feb 24, 2022

Modified: Apr 17, 2025

PUBLISHED

Description

The web interface of the 1734-AENTR communication module mishandles authentication for HTTP POST requests. A remote, unauthenticated attacker can send a crafted request that may allow for modification of the configuration settings.

Vendor	Product	Versions
Rockwell Automation	1734-AENTR	affected `Series B 4.001 to 4.005, and 5.011 to 5.017` affected `Series C 6.011 and 6.012`

Weaknesses (CWE)

CWE-284

References

https://www.cisa.gov/uscert/ics/advisories/icsa-21-063-01

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-14504

Description

Affected Products

Weaknesses (CWE)

References