漏洞标题
N/A
漏洞描述信息
Schneider Electric Vijeo Citect 7.20 及更早版本, CitectSCADA 7.20 及更早版本, PowerLogic SCADA 7.20 及更早版本通过包含外部实体声明和实体引用的XML文档,允许远程攻击者读取任意文件,向局域网服务器发送HTTP请求,或导致拒绝服务(CPU和内存消耗)。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
Schneider Electric Vijeo Citect 7.20 and earlier, CitectSCADA 7.20 and earlier, and PowerLogic SCADA 7.20 and earlier allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
Schneider Electric Vijeo Citect/CitectSCADA/PowerLogic SCADA XML外部实体注入漏洞
漏洞描述信息
Schneider Electric Vijeo Citect、CitectSCADA和PowerLogic SCADA都是法国施耐德电气(Schneider Electric)公司的在数据采集与监控系统(SCADA)中提供监视和控制功能的软件。 Schneider Electric Vijeo Citect 7.20及之前的版本,CitectSCADA 7.20及之前的版本,PowerLogic SCADA 7.20及之前的版本中存在XML外部实体注入漏洞。远程攻击者可通过包含外部实体声明和实体引用结合
CVSS信息
N/A
漏洞类别
授权问题