Lucene search
SchneiderCVE-2023-37200HistoryJul 12, 2023 - 8:15 a.m.
CVE-2023-37200
2023-07-1208:15:10
CWE-611
schneider
web.nvd.nist.gov
10
cve-2023-37200
cwe-611
xml external entity
confidentiality loss
local filesystem
server restart
CVSS3
5.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
AI Score
5.5
Confidence
High
EPSS
0.001
Percentile
22.2%
A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that
could cause loss of confidentiality when replacing a project file on the local filesystem and after
manual restart of the server.
Affected configurations
Node
seecostruxure_opc_ua_server_expertRange<2.01
ORseecostruxure_opc_ua_server_expertMatch2.01-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| se | ecostruxure_opc_ua_server_expert | * | cpe:2.3:a:se:ecostruxure_opc_ua_server_expert:*:*:*:*:*:*:*:* |
| se | ecostruxure_opc_ua_server_expert | 2.01 | cpe:2.3:a:se:ecostruxure_opc_ua_server_expert:2.01:-:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "EcoStruxure OPC UA Server Expert",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "Versions prior to SV2.01 SP2"
}
]
}
]Related
prion
prion
Xxe
2023-07-12 08:15:00
nvd
nvd
CVE-2023-37200
2023-07-12 08:15:10
cvelist
cvelist
CVE-2023-37200
2023-07-12 07:11:30
CVSS3
5.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
AI Score
5.5
Confidence
High
EPSS
0.001
Percentile
22.2%
Related for CVE-2023-37200