ID CVE-2017-7907
Summary An Improper XML Parser Configuration issue was discovered in Schneider Electric Wonderware Historian Client 2014 R2 SP1 and prior. An improperly restricted XML parser (with improper restriction of XML external entity reference, or XXE) may allow an attacker to enter malicious input through the application which could cause a denial of service or disclose file contents from a server or connected network.
References
Vulnerable Configurations
  • cpe:2.3:a:schneider-electric:wonderware_historian_client:2014_r2:sp1
    cpe:2.3:a:schneider-electric:wonderware_historian_client:2014_r2:sp1
CVSS
Base: 3.3
Impact:
Exploitability:
CWE CWE-611
CAPEC
refmap via4
bid 98254
misc
sectrack 1038542
Last major update 18-05-2017 - 23:29
Published 18-05-2017 - 23:29
Last modified 07-07-2017 - 21:29
Back to Top