Vulnerabilities (CVE)

Filtered by vendor Schneider-electric Subscribe
Filtered by product Andover Continuum 9680
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-7482 1 Schneider-electric 22 Andover Continuum 5720, Andover Continuum 5720 Firmware, Andover Continuum 5740 and 19 more 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
A CWE-79:Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists Andover Continuum (All versions), which could cause a Reflective Cross-site Scripting (XSS attack) when using the products' web server.
CVE-2020-7480 1 Schneider-electric 22 Andover Continuum 5720, Andover Continuum 5720 Firmware, Andover Continuum 5740 and 19 more 2024-02-28 7.5 HIGH 9.8 CRITICAL
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists in Andover Continuum (All versions), which could cause files on the application server filesystem to be viewable when an attacker interferes with an application's processing of XML data.
CVE-2020-7481 1 Schneider-electric 22 Andover Continuum 5720, Andover Continuum 5720 Firmware, Andover Continuum 5740 and 19 more 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
A CWE-79:Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists Andover Continuum (All versions), which could enable a successful Cross-site Scripting (XSS attack) when using the products' web server.
CVE-2019-6853 1 Schneider-electric 22 Andover Continuum 5720, Andover Continuum 5720 Firmware, Andover Continuum 5740 and 19 more 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
A CWE-79: Failure to Preserve Web Page Structure vulnerability exists in Andover Continuum (models 9680, 5740 and 5720, bCX4040, bCX9640, 9900, 9940, 9924 and 9702) , which could enable a successful Cross-site Scripting (XSS attack) when using the products web server.