3 matches found
Schneider Electric IIoT Monitor (Update A)
1. EXECUTIVE SUMMARY CVSS v3 9.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: IIoT Monitor --------- Begin Update A Part 1 of 2 -------- Vulnerabilities: Path Traversal, Unrestricted Upload of File with Dangerous Type, XXE, Cryptographic Issues...
CVE-2018-7837
An Improper Restriction of XML External Entity Reference 'XXE' vulnerability exists on numerous methods of the IIoT Monitor 3.1.38 software that could allow the software to resolve documents outside of the intended sphere of control, causing the software to embed incorrect documents into its outp...
CVE-2018-7837
CVE-2018-7837 affects Schneider Electric IIoT Monitor (version 3.1.38 and earlier). The connected advisories describe an improper restriction of XML External Entity (XXE) references in multiple components (e.g., RuleMgmt addRule, AccountMgmt, EventMgmt, Login/Logout, and others) that can cause th...