Lucene search

[email protected]NVD:CVE-2023-37200

HistoryJul 12, 2023 - 8:15 a.m.

CVE-2023-37200

2023-07-1208:15:10

CWE-611

[email protected]

web.nvd.nist.gov

cwe-611

loss of confidentiality

project file

local filesystem

manual restart

server

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

22.2%

JSON

A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that
could cause loss of confidentiality when replacing a project file on the local filesystem and after
manual restart of the server.

Affected configurations

Nvd

Node

seecostruxure_opc_ua_server_expertRange<2.01

seecostruxure_opc_ua_server_expertMatch2.01-

VendorProductVersionCPE
seecostruxure_opc_ua_server_expert*cpe:2.3:a:se:ecostruxure_opc_ua_server_expert:*:*:*:*:*:*:*:*
seecostruxure_opc_ua_server_expert2.01cpe:2.3:a:se:ecostruxure_opc_ua_server_expert:2.01:-:*:*:*:*:*:*

Vendor	Product	Version	CPE
se	ecostruxure_opc_ua_server_expert	*	cpe:2.3:a:se:ecostruxure_opc_ua_server_expert::::::::
se	ecostruxure_opc_ua_server_expert	2.01	cpe:2.3:a:se:ecostruxure_opc_ua_server_expert:2.01:-::::::

References

download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-192-02.pdf

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

22.2%

JSON

Related for NVD:CVE-2023-37200

prion1 cve1 cvelist1