The web interface of the 1734-AENTR communication module mishandles authentication for HTTP POST requests. A remote, unauthenticated attacker can send a crafted request that may allow for modification of the configuration settings.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| 1734-aentr_point_i/o_dual_port_network_adaptor_series_b_firmware | Rockwellautomation | 4.001 (including) | 4.005 (including) |
| 1734-aentr_point_i/o_dual_port_network_adaptor_series_b_firmware | Rockwellautomation | 5.011 (including) | 5.017 (including) |