CVE-2012-4710

Invensys Wonderware Win-XML Exporter 1522.148.0.0 - XML External Entity Injection

Title source: llm
STIX 2.1

Description

Invensys Wonderware Win-XML Exporter 1522.148.0.0 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference.

References (1)

Core 1
Core References
US Government Resource x_refsource_misc
http://ics-cert.us-cert.gov/pdf/ICSA-13-067-02.pdf

Scores

EPSS 0.0208
EPSS Percentile 79.3%

Details

CWE
CWE-20
Status published
Products (1)
invensys/wonderware_win-xml_exporter 1522.148.0.0
Published Apr 04, 2013
Tracked Since Feb 18, 2026