CVE-2020-14478 IMPROPER RESTRICTION OF XML EXTERNAL ENTITY REFERENCE CWE-611

2020-06-2500:00:00

CWE-611

icscert

www.cve.org

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

A local, authenticated attacker could use an XML External Entity (XXE) attack to exploit weakly configured XML files to access local or remote content. A successful exploit could potentially cause a denial-of-service condition and allow the attacker to arbitrarily read any local file via system-level services.

CNA Affected

[
  {
    "product": "FactoryTalk Services Platform",
    "vendor": "Rockwell Automation",
    "versions": [
      {
        "lessThanOrEqual": "6.11.00",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.cisa.gov/uscert/ics/advisories/icsa-20-177-02