CVE-2014-7251
Yokogawa FAST/TOOLS < R9.05-SP2 - XML External Entity Injection
Title source: llmDescription
XML external entity (XXE) vulnerability in the WebHMI server in Yokogawa Electric Corporation FAST/TOOLS before R9.05-SP2 allows local users to cause a denial of service (CPU or network traffic consumption) or read arbitrary files via unspecified vectors.
References (4)
Core 4
Core References
Vendor Advisory x_refsource_confirm
http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0004E.pdf
Third Party Advisory third-party-advisory
x_refsource_jvn
http://jvn.jp/en/jp/JVN54775800/index.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/99018
Third Party Advisory third-party-advisory
x_refsource_jvndb
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000141.html
Scores
EPSS
0.0032
EPSS Percentile
23.8%
Details
CWE
CWE-20
Status
published
Products (5)
yokogawa/fast\/tools
r9.01
yokogawa/fast\/tools
r9.02
yokogawa/fast\/tools
r9.03
yokogawa/fast\/tools
r9.04
yokogawa/fast\/tools
r9.05
Published
Dec 06, 2014
Tracked Since
Feb 18, 2026