CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-7907

An Improper XML Parser Configuration issue was discovered in Schneider Electric Wonderware Historian Client 2014 R2 SP1 and prior. An improperly restricted XML parser (with improper restriction of XML external entity reference, or XXE) may allow an attacker to enter malicious input through the application which could cause a denial of service or disclose file contents from a server or connected network.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 24.4%

CVSS Severity

CVSS v3 Score 6.6

CVSS v2 Score 3.3

References

http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000120/
http://www.securityfocus.com/bid/98254
http://www.securitytracker.com/id/1038542
https://ics-cert.us-cert.gov/advisories/ICSA-17-122-01
http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000120/
http://www.securityfocus.com/bid/98254
http://www.securitytracker.com/id/1038542
https://ics-cert.us-cert.gov/advisories/ICSA-17-122-01

Products affected by CVE-2017-7907

Schneider-Electric » Wonderware Historian Client » Version: 2014_r2

cpe:2.3:a:schneider-electric:wonderware_historian_client:2014_r2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-7907

Products

Pricing

Contact Us