GE Reason S20 Ethernet Switch Improper Neutralization of Input During Web Page Generation (CVE-2020-16242)

Severity: Medium. Tenable OT Security Plugin ID: 503352

Synopsis

The remote OT asset is affected by a vulnerability.

Description

The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow an attacker to trick application users into performing critical application actions that include, but are not limited to, adding and updating accounts.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

GE recommends that S20 users upgrade to firmware Version 07A06 or higher to fix this vulnerability. Instructions on how to upgrade the firmware and verify its installation are available in the product user’s manual. Upgrading can be done by downloading the upgrade file directly from the GE website.

See Also

https://us-cert.cisa.gov/ics/advisories/icsa-20-266-02

Plugin Details

Severity: Medium

ID: 503352

Version: 1.2

Type: remote

Family: Tenable.ot

Published: 10/2/2025

Updated: 10/3/2025

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Low

Score: 3.0

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS Score Source: CVE-2020-16242

CVSS v3

Risk Factor: Medium

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Vulnerability Information

CPE: cpe:/o:ge:s2020_firmware, cpe:/o:ge:s2024_firmware

Required KB Items: Tenable.ot/GE

Exploit Ease: No known exploits are available

Patch Publication Date: 9/25/2020

Vulnerability Publication Date: 9/25/2020

Reference Information

CVE: CVE-2020-16242

CWE: 79

ICSA: 20-266-02