CVE-2018-7783

{"id": "CVE-2018-7783", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2018-07-03T14:29:01.477", "references": [{"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-142-01/", "tags": ["Vendor Advisory"], "source": "cybersecurity@se.com"}, {"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-142-01/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-611"}]}], "descriptions": [{"lang": "en", "value": "Schneider Electric SoMachine Basic prior to v1.6 SP1 suffers from an XML External Entity (XXE) vulnerability using the DTD parameter entities technique resulting in disclosure and retrieval of arbitrary data on the affected node via out-of-band (OOB) attack. The vulnerability is triggered when input passed to the xml parser is not sanitized while parsing the xml project/template file."}, {"lang": "es", "value": "Schneider Electric SoMachine Basic en versiones anteriores a la v1.6 SP1 sufre una vulnerabilidad XXE (XML External Entity) mediante la t\u00e9cnica de entidades de par\u00e1metros DTD, resultando en la revelaci\u00f3n y recuperaci\u00f3n de datos arbitrarios en el nodo afectado mediante un ataque OOB (out-of-band). La vulnerabilidad se desencadena cuando la entrada pasada al analizador xml no se sanea cuando se analiza el archivo de proyecto/plantilla xml."}], "lastModified": "2024-11-21T04:12:43.673", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:schneider-electric:somachine_basic:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "63224499-979C-451A-8E6A-98E65F295166", "versionEndIncluding": "1.6"}], "operator": "OR"}]}], "sourceIdentifier": "cybersecurity@se.com"}