CVE-2018-17889

Summary

In WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior when parsing project files, the XMLParser that ships with Wecon PIStudio is vulnerable to a XML external entity injection attack, which may allow sensitive information disclosure.

Affected Software

VendorProductVersion RangeStatus
WECONPI Studio HMI4.1.9 and prioraffected
WECONPI Studio4.2.34 and prioraffected

Weaknesses

  • CWE-611: INFORMATION EXPOSURE THROUGH XML EXTERNAL ENTITY REFERENCE CWE-611

ADP Enrichment

CVE Program Container

Additional References

References