CVE-2023-46590: XEE
First published: Tue Nov 14 2023(Updated: )
A vulnerability has been identified in Siemens OPC UA Modelling Editor (SiOME) (All versions < V2.8). Affected products suffer from a XML external entity (XXE) injection vulnerability. This vulnerability could allow an attacker to interfere with an application's processing of XML data and read arbitrary files in the system.
Credit: productcert@siemens.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Siemens Siemens Opc Ua Modeling Editor | <2.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of this SiOME vulnerability?
The vulnerability ID of this Siemens OPC UA Modelling Editor (SiOME) vulnerability is CVE-2023-46590.
What is the severity level of CVE-2023-46590?
The severity level of CVE-2023-46590 is high with a value of 7.5.
Which versions of Siemens OPC UA Modelling Editor are affected?
All versions of Siemens OPC UA Modelling Editor up to but not including V2.8 are affected.
What is the impact of this vulnerability?
This vulnerability allows an attacker to interfere with an application's processing of XML data and read arbitrary files.
Is there a fix available for this vulnerability?
Siemens has provided a security advisory with mitigation measures for this vulnerability. Please refer to the Siemens CERT portal for more information.
- collector/nvd-api
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/weakness
- agent/event
- agent/description
- agent/last-modified-date
- agent/remedy
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/siemens
- canonical/siemens siemens opc ua modeling editor