Lucene search

[email protected]CVE-2015-6463

HistorySep 28, 2015 - 2:59 a.m.

CVE-2015-6463

2015-09-2802:59:14

[email protected]

web.nvd.nist.gov

cve-2015-6463

codewrights

hart comm

dtm components

endress+hauser

fieldcare

remote attackers

arbitrary files

http requests

intranet servers

denial of service

cpu

memory consumption

longtag xml schema

external entity declaration

entity reference

xml external entity (xxe)

5.8 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.8%

JSON

CodeWrights HART Comm DTM components, as used with Endress+Hauser FieldCare, allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a longtag XML schema containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Affected configurations

NVD

Node

codewrightshart_comm_dtm

endress\+hauserhart_comm_dtm

CPENameOperatorVersion
codewrights:hart_comm_dtmcodewrights hart comm dtmeq*
endress\+hauser:hart_comm_dtmendress+hauser hart comm dtmeq*

CPE	Name	Operator	Version
codewrights:hart_comm_dtm	codewrights hart comm dtm	eq	*
endress\+hauser:hart_comm_dtm	endress+hauser hart comm dtm	eq	*

References

ics-cert.us-cert.gov/advisories/ICSA-15-267-01

5.8 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.8%

JSON

Related for CVE-2015-6463

ics1 prion1 cvelist1 nvd1