CVE-2024-12476
8.4
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure, impacts workstation integrity and potential remote code execution on the compromised computer, when specific crafted XML file is imported in the Web Designer configuration tool.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Schneider Electric | Web Designer for BMXNOR0200H | All versions | affected |
| Schneider Electric | Web Designer for BMXNOE0110(H) | All versions | affected |
| Schneider Electric | Web Designer for BMENOC0311(C) | All Versions | affected |
| Schneider Electric | Web Designer for BMENOC0321(C) | All Versions | affected |
Weaknesses
- CWE-611: CWE-611 Improper Restriction of XML External Entity Reference
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.