First published: Tue Jul 03 2018
Schneider Electric SoMachine Basic prior to v1.6 SP1 suffers from an XML External Entity (XXE) vulnerability that uses the DTD parameter entities technique, resulting in disclosure and retrieval of arbitrary data on the affected node via an out-of-band (OOB) attack. The vulnerability is triggered when input passed to the XML parser is not sanitized while parsing the XML project/template file.
Credit: cybersecurity@se.com
Affected Software | Affected Version | How to fix |
---|---|---|
Schneider-electric Somachine Basic | <=1.6 | |
The vulnerability ID for this vulnerability is CVE-2018-7783.
The severity of CVE-2018-7783 is high (CVSS score: 7.5).
The affected software is Schneider Electric SoMachine Basic prior to v1.6 SP1.
CVE-2018-7783 is exploited using the DTD parameter entities technique, resulting in disclosure and retrieval of arbitrary data on the affected node.
Yes, a fix is available for CVE-2018-7783. It is recommended to update to Schneider Electric SoMachine Basic v1.6 SP1 or later.
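Alongside the update, project/template files can be screened for DTD constructs before they are opened. The Python example below is added here and is not code from Schneider Electric or from this advisory; the function names, the `<Project>` element and the `example.invalid` URL are constructed for illustration. It uses the standard-library Expat bindings and reports any DOCTYPE or entity declaration without resolving it.

```python
import xml.parsers.expat as expat


def scan_project_xml(data: bytes) -> list:
    """Return DTD-related findings for an XML file; no entity is ever resolved."""
    findings = []
    parser = expat.ParserCreate()
    # Expat's default, set explicitly: never load external parameter entities.
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)

    def on_doctype(name, system_id, public_id, has_internal_subset):
        findings.append(f"DOCTYPE declared for <{name}>")
        if system_id:
            findings.append(f"external DTD subset: {system_id}")

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        kind = "parameter" if is_param else "general"
        where = f"external ({system_id})" if system_id else "internal"
        findings.append(f"{kind} entity '{name}' declared, {where}")

    def on_external_ref(context, base, system_id, public_id):
        findings.append(f"external entity referenced: {system_id}")
        return 1  # record and continue; nothing is fetched

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    try:
        parser.Parse(data, True)
    except expat.ExpatError as exc:
        findings.append(f"not well-formed: {exc}")
    return findings


def safe_to_open(data: bytes) -> bool:
    """A file is accepted only if it carries no DTD construct at all."""
    return not scan_project_xml(data)


# Constructed sample inputs (not real SoMachine Basic project files).
CLEAN = b'<?xml version="1.0"?><Project><Name>pump</Name></Project>'
SUSPECT = (b'<?xml version="1.0"?>'
           b'<!DOCTYPE Project [<!ENTITY % ext SYSTEM "http://example.invalid/e.dtd">]>'
           b'<Project><Name>pump</Name></Project>')

if __name__ == "__main__":
    for label, doc in (("clean", CLEAN), ("suspect", SUSPECT)):
        print(label, safe_to_open(doc), scan_project_xml(doc))
```

Rejecting every file that contains a DOCTYPE is deliberately strict: a project file that is plain data has no need for one, so any hit is worth quarantining for review.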