Описание
A local, authenticated attacker could use an XML External Entity (XXE) attack to exploit weakly configured XML files to access local or remote content. A successful exploit could potentially cause a denial-of-service condition and allow the attacker to arbitrarily read any local file via system-level services.
Ссылки
- MitigationThird Party AdvisoryUS Government Resource
- MitigationThird Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1Версия до 6.11.00 (включая)
cpe:2.3:a:rockwellautomation:factorytalk_services_platform:*:*:*:*:*:*:*:*
EPSS
Процентиль: 26%
0.00093
Низкий
7.1 High
CVSS3
5.6 Medium
CVSS2
Дефекты
CWE-611
CWE-611
Связанные уязвимости
CVSS3: 7.1
github
почти 4 года назад
A local, authenticated attacker could use an XML External Entity (XXE) attack to exploit weakly configured XML files to access local or remote content. A successful exploit could potentially cause a denial-of-service condition and allow the attacker to arbitrarily read any local file via system-level services.
EPSS
Процентиль: 26%
0.00093
Низкий
7.1 High
CVSS3
5.6 Medium
CVSS2
Дефекты
CWE-611
CWE-611