Lucene search

SchneiderCVELIST:CVE-2022-0221

HistoryMar 28, 2022 - 4:25 p.m.

CVE-2022-0221

2022-03-2816:25:26

CWE-611

schneider

www.cve.org

cwe-611

information disclosure

solution file

scadapack workbench

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

37.2%

JSON

A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could result in information disclosure when opening a malicious solution file provided by an attacker with SCADAPack Workbench. This could be exploited to pass data from local files to a remote system controlled by an attacker. Affected Product: SCADAPack Workbench (6.6.8a and prior)

CNA Affected

[
  {
    "product": "SCADAPack Workbench",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "lessThan": "and prior",
        "status": "affected",
        "version": "6.6.8a",
        "versionType": "custom"
      }
    ]
  }
]

References

www.se.com/ww/en/download/document/SEVD-2022-087-01/

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

37.2%

JSON

Related for CVELIST:CVE-2022-0221