2 matches found
CVE-2012-4709
Invensys Wonderware InTouch HMI 2012 R2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service CPU and memory consumption via an XML document containing an external entity declaration in conjunction with an entity referenc...
CVE-2012-4709
Invensys Wonderware InTouch HMI 2012 R2 and earlier are affected by CVE-2012-4709 due to unsafe XML external entity handling (XXE). An attacker could craft an XML document with an external entity and cause the application to read local or remote files, send HTTP requests to intranet resources, or...