CVE-2022-1704
HIGHIgnition 7.9.0-7.9.21 - XML External Entity Injection in Backup Restore Functionality
Title source: llmDescription
Due to an XML external entity reference, the software parses XML in the backup/restore functionality without XML security flags, which may lead to a XXE attack while restoring the backup.
References (1)
Core 1
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://www.cisa.gov/uscert/ics/advisories/icsa-22-207-01
Scores
CVSS v3
7.6
EPSS
0.0082
EPSS Percentile
52.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-611
Status
published
Products (1)
inductiveautomation/ignition
7.9.0 - 7.9.21
Published
Aug 05, 2022
Tracked Since
Feb 18, 2026