Japan Vulnerability NotesJVN:54775800JVN#54775800: FAST/TOOLS vulnerable to improper restriction of XML external entity references
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:S/C:P/I:N/A:P
EPSS
Percentile
27.8%
FAST/TOOLS provided by Yokogawa Electric Corporation contains a vulnerability where XML external entity (XXE) references are not properly restricted (CWE-611).
Impact
When opening a project with a specially crafted XML file, information managed by the product may be disclosed or may become a victim of a denial-of-service (DoS).
Solution
Apply an Update
Update to the latest version according to the information provided by the developer.
According to the developer, this vulnerability was addressed in FAST/TOOLS R9.05-SP2, and the most recent version FAST/TOOLS R10.01 is not vulnerable.
Products Affected
- FAST/TOOLS R9.01 through R9.05
Related
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:S/C:P/I:N/A:P
EPSS
Percentile
27.8%