CVE-2017-7907
MEDIUMSchneider Electric Wonderware Historian Client < 2014 R2 SP1 - XML External Entity Injection
Title source: llmDescription
An Improper XML Parser Configuration issue was discovered in Schneider Electric Wonderware Historian Client 2014 R2 SP1 and prior. An improperly restricted XML parser (with improper restriction of XML external entity reference, or XXE) may allow an attacker to enter malicious input through the application which could cause a denial of service or disclose file contents from a server or connected network.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/98254
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1038542
Mitigation, Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-17-122-01
Vendor Advisory x_refsource_misc
http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000120/
Scores
CVSS v3
6.6
EPSS
0.0008
EPSS Percentile
23.8%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H
Details
CWE
CWE-611
Status
published
Products (2)
n/a/Schneider Electric Wonderware Historian Client
Schneider Electric Wonderware Historian Client
schneider-electric/wonderware_historian_client
< 2014_r2
Published
May 19, 2017
Tracked Since
Feb 18, 2026