CVE-2022-0221

Summary

A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could result in information disclosure when opening a malicious solution file provided by an attacker with SCADAPack Workbench. This could be exploited to pass data from local files to a remote system controlled by an attacker. Affected Product: SCADAPack Workbench (6.6.8a and prior)

Affected Software

VendorProductVersion RangeStatus
Schneider ElectricSCADAPack Workbench6.6.8a < and prioraffected

Weaknesses

  • CWE-611: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

ADP Enrichment

CVE Program Container

Additional References

References