CVE-2018-10832 Information
Feb 14, 2021
cve
Description
ModbusPal 1.6b is vulnerable to an XML External Entity (XXE) attack. Projects are saved as .xmpp files and automations can be exported as .xmpa files both XML-based which are vulnerable to XXE injection. Sending a crafted .xmpp or .xmpa file to a user when opened/imported in ModbusPal will return the contents of any local files to a remote attacker.
CVSS Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Reference
http://packetstormsecurity.com/files/147573/ModbusPal-1.6b-XML-External-Entity-Injection.html https://www.exploit-db.com/exploits/44607/
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
REQUIRED
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
NONE
Base Score
NONE
Base Severity
5.5
Share on: