CVE-2018-17889
N/A
N/A
Summary
In WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior when parsing project files, the XMLParser that ships with Wecon PIStudio is vulnerable to a XML external entity injection attack, which may allow sensitive information disclosure.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| WECON | PI Studio HMI | 4.1.9 and prior | affected |
| WECON | PI Studio | 4.2.34 and prior | affected |
Weaknesses
- CWE-611: INFORMATION EXPOSURE THROUGH XML EXTERNAL ENTITY REFERENCE CWE-611
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.