Vulnerability CVE-2017-7907


Published: 2017-05-18   Modified: 2017-05-19

Description:
An Improper XML Parser Configuration issue was discovered in Schneider Electric Wonderware Historian Client 2014 R2 SP1 and prior. An improperly restricted XML parser (with improper restriction of XML external entity reference, or XXE) may allow an attacker to enter malicious input through the application which could cause a denial of service or disclose file contents from a server or connected network.

CVSS2 => (AV:L/AC:M/Au:N/C:P/I:N/A:P)

CVSS Base Score: 3.3/10
Impact Subscore: 4.9/10
Exploitability Subscore: 3.4/10

Exploit range: Local
Attack complexity: Medium
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: None
Availability impact: Partial

Affected software:
Schneider Electric -> Wonderware Historian Client

 References:
http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000120/
http://www.securityfocus.com/bid/98254
http://www.securitytracker.com/id/1038542
https://ics-cert.us-cert.gov/advisories/ICSA-17-122-01
