CVE-2024-12476

Summary

CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure, impacts workstation integrity and potential remote code execution on the compromised computer, when specific crafted XML file is imported in the Web Designer configuration tool.

Affected Software

VendorProductVersion RangeStatus
Schneider ElectricWeb Designer for BMXNOR0200HAll versionsaffected
Schneider ElectricWeb Designer for BMXNOE0110(H)All versionsaffected
Schneider ElectricWeb Designer for BMENOC0311(C)All Versionsaffected
Schneider ElectricWeb Designer for BMENOC0321(C)All Versionsaffected

Weaknesses

  • CWE-611: CWE-611 Improper Restriction of XML External Entity Reference

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References