Lucene search

JpcertCVE-2023-43624

HistoryOct 23, 2023 - 5:15 a.m.

CVE-2023-43624

2023-10-2305:15:07

CWE-611

jpcert

web.nvd.nist.gov

cx-designer

ver.3.740

xxe vulnerability

disclosure

nvd

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

20.7%

JSON

CX-Designer Ver.3.740 and earlier (included in CX-One CXONE-AL[][]D-V4) contains an improper restriction of XML external entity reference (XXE) vulnerability. If a user opens a specially crafted project file created by an attacker, sensitive information in the file system where CX-Designer is installed may be disclosed.

Affected configurations

Nvd

Node

omromcx-designerRange≤3.740

VendorProductVersionCPE
omromcx-designer*cpe:2.3:a:omrom:cx-designer:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
omrom	cx-designer	*	cpe:2.3:a:omrom:cx-designer::::::::

CNA Affected

[
  {
    "vendor": "OMRON Corporation",
    "product": "CX-Designer",
    "versions": [
      {
        "version": "Ver.3.740 and earlier (included in CX-One CXONE-AL[][]D-V4)",
        "status": "affected"
      }
    ]
  }
]

References

jvn.jp/en/vu/JVNVU98683567/

www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2023-011_en.pdf

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

20.7%

JSON

Related for CVE-2023-43624