Lucene search

IcscertCVELIST:CVE-2024-1167

HistoryFeb 01, 2024 - 6:01 p.m.

CVE-2024-1167 SEW-EURODRIVE MOVITOOLS MotionStudio Improper Restriction of XML External Entity Reference

2024-02-0118:01:24

CWE-611

icscert

www.cve.org

sew-eurodrive

movitools

motionstudio

xml

external entity reference

restriction

issue

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

54.8%

JSON

When SEW-EURODRIVE MOVITOOLS MotionStudio processes XML information unrestricted file access can occur.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "MOVITOOLS MotionStudio",
    "vendor": "SEW-EURODRIVE",
    "versions": [
      {
        "status": "affected",
        "version": "6.5.0.2"
      }
    ]
  }
]

References

www.cisa.gov/news-events/ics-advisories/icsa-24-016-01

www.seweurodrive.com/contact_us/contact_us.html

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

54.8%

JSON

Related for CVELIST:CVE-2024-1167