QwikSec

Security Database

CVE

CWE

Training

CVE-2017-7907

Published: May 19, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

An Improper XML Parser Configuration issue was discovered in Schneider Electric Wonderware Historian Client 2014 R2 SP1 and prior. An improperly restricted XML parser (with improper restriction of XML external entity reference, or XXE) may allow an attacker to enter malicious input through the application which could cause a denial of service or disclose file contents from a server or connected network.

Vendor	Product	Versions
n/a	Schneider Electric Wonderware Historian Client	affected `Schneider Electric Wonderware Historian Client`

Weaknesses (CWE)

References

vdb-entry

x_refsource_BID

vdb-entry

x_refsource_SECTRACK

https://ics-cert.us-cert.gov/advisories/ICSA-17-122-01

x_refsource_MISC

http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000120/

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.