GE Reason S20 Ethernet Switch Improper Neutralization of Input During Web Page Generation (CVE-2020-16246)

Severity: Medium. Tenable OT Security Plugin ID 503350

Synopsis

The remote OT asset is affected by a vulnerability.

Description

The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow attackers to trick users into following a link or navigating to a page that posts a malicious JavaScript statement to the vulnerable site, causing the malicious JavaScript to be rendered by the site and executed by the victim client.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

GE recommends that S20 users upgrade to firmware Version 07A06 or higher to fix this vulnerability. Instructions on how to upgrade the firmware and verify its installation are available in the product user’s manual. Upgrading can be done by downloading the upgrade file directly from the GE website.

See Also

https://us-cert.cisa.gov/ics/advisories/icsa-20-266-02

Plugin Details

Severity: Medium

ID: 503350

Version: 1.2

Type: remote

Family: Tenable.ot

Published: 10/2/2025

Updated: 10/3/2025

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Low

Score: 3.0

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS Score Source: CVE-2020-16246

CVSS v3

Risk Factor: Medium

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Vulnerability Information

CPE: cpe:/o:ge:s2020_firmware, cpe:/o:ge:s2024_firmware

Required KB Items: Tenable.ot/GE

Exploit Ease: No known exploits are available

Patch Publication Date: 10/20/2020

Vulnerability Publication Date: 10/20/2020

Reference Information

CVE: CVE-2020-16246

CWE: 79

ICSA: 20-266-02