CVE-2017-7907 Information

Description

An Improper XML Parser Configuration issue was discovered in Schneider Electric Wonderware Historian Client 2014 R2 SP1 and prior. An improperly restricted XML parser (with improper restriction of XML external entity reference or XXE) may allow an attacker to enter malicious input through the application which could cause a denial of service or disclose file contents from a server or connected network.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H

Reference

http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000120/
http://www.securityfocus.com/bid/98254
http://www.securitytracker.com/id/1038542
https://ics-cert.us-cert.gov/advisories/ICSA-17-122-01

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

6.6

Base Severity

MEDIUM
