CVE-2020-14478

Summary

A local, authenticated attacker could use an XML External Entity (XXE) attack to exploit weakly configured XML files to access local or remote content. A successful exploit could potentially cause a denial-of-service condition and allow the attacker to arbitrarily read any local file via system-level services.

Affected Software

VendorProductVersion RangeStatus
Rockwell AutomationFactoryTalk Services Platformunspecified <= 6.11.00affected

Weaknesses

  • CWE-611: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References