Lucene search

SchneiderCVELIST:CVE-2023-37200

HistoryJul 12, 2023 - 7:11 a.m.

CVE-2023-37200

2023-07-1207:11:30

CWE-611

schneider

www.cve.org

cwe-611

loss of confidentiality

project file

local filesystem

manual restart

server.

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

22.2%

JSON

A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that
could cause loss of confidentiality when replacing a project file on the local filesystem and after
manual restart of the server.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "EcoStruxure OPC UA Server Expert",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "Versions prior to SV2.01 SP2"
      }
    ]
  }
]

References

download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-192-02.pdf

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

22.2%

JSON

Related for CVELIST:CVE-2023-37200