CVE-2023-29498

MEDIUM

FRENIC RHC Loader < 1.1.0.3 - XML External Entity Injection via Project File

Title source: llm

Description

Improper restriction of XML external entity reference (XXE) vulnerability exists in FRENIC RHC Loader v1.1.0.3 and earlier. If a user opens a specially crafted project file, sensitive information on the system where the affected product is installed may be disclosed.

References (2)

Core 2

Core References

Product

https://felib.fujielectric.co.jp/download/details.htm?dataid=45829407&site=global&lang=en

Third Party Advisory

https://jvn.jp/en/vu/JVNVU97809354/

Scores

CVSS v3 5.5

EPSS 0.0021

EPSS Percentile 11.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-611

Status published

Products (1)

fujielectric/frenic_rhc_loader < 1.1.0.3

Published Jun 13, 2023

Tracked Since Feb 18, 2026