exploitDog

CVE-2013-0686

Опубликовано: 09 мая 2013

Источник: nvd

CVSS2: 9.3

EPSS Низкий

Описание

Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Ссылки

http://ics-cert.us-cert.gov/advisories/ICSA-13-113-01
US Government Resource
http://ics-cert.us-cert.gov/advisories/ICSA-13-113-01
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:invensys:wonderware_information_server:4.0:sp1sp1:*:*:*:*:*:*

cpe:2.3:a:invensys:wonderware_information_server:4.5:-:portal:*:*:*:*:*

cpe:2.3:a:invensys:wonderware_information_server:5.0:-:portal:*:*:*:*:*

EPSS

Процентиль: 64%

0.00467

Низкий

9.3 Critical

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-jh5p-5rj4-h67g

github

больше 3 лет назад

Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

EPSS

Процентиль: 64%

0.00467

Низкий

9.3 Critical

CVSS2

Дефекты

CWE-20