PT-2019-15305 · GE · GE S2020/S2020G Fast Switch 61850
Murat Aydemir · Published 2019-12-18 · Updated 2020-01-07 · CVE-2019-18267
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
GE S2020/S2020G Fast Switch 61850 versions 07A03 and prior
Description
The issue allows an attacker to inject arbitrary JavaScript in a specially crafted HTTP request, which may be reflected back in the HTTP response. This can lead to a stored cross-site scripting vulnerability, potentially enabling session hijacking, disclosure of sensitive data, cross-site request forgery (CSRF) attacks, and remote code execution.
Recommendations
For GE S2020/S2020G Fast Switch 61850 versions 07A03 and prior, update to a version later than 07A03 to resolve the issue. As a temporary workaround, consider restricting access to the device and implementing additional security measures to minimize the risk of exploitation.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
GE S2020/S2020G Fast Switch 61850