Details of VAR-201705-3755

ID

VAR-201705-3755

CVE

CVE-2017-7907

TITLE

Wonderware Historian Client local XML External entity injection vulnerability

Trust: 0.8

sources: IVD: fcb932ef-d97a-42d4-80c4-2c94b48ed73c // CNVD: CNVD-2017-07253

DESCRIPTION

An Improper XML Parser Configuration issue was discovered in Schneider Electric Wonderware Historian Client 2014 R2 SP1 and prior. An improperly restricted XML parser (with improper restriction of XML external entity reference, or XXE) may allow an attacker to enter malicious input through the application which could cause a denial of service or disclose file contents from a server or connected network. Schneider Electric Wonderware Historian is a set of industrial data management software from Schneider Electric that combines high-speed data acquisition storage systems with traditional relational database management systems. A local attacker could exploit the vulnerability to access sensitive information and cause a denial of service

Trust: 2.61

sources: NVD: CVE-2017-7907 // JVNDB: JVNDB-2017-004298 // CNVD: CNVD-2017-07253 // BID: 98254 // IVD: fcb932ef-d97a-42d4-80c4-2c94b48ed73c

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: fcb932ef-d97a-42d4-80c4-2c94b48ed73c // CNVD: CNVD-2017-07253

AFFECTED PRODUCTS

vendor:	schneider electric	model:	wonderware historian client	scope:	lte	version:	2014_r2	Trust: 1.0
vendor:	schneider electric	model:	wonderware historian client	scope:	lte	version:	2014 r2 sp1	Trust: 0.8
vendor:	schneider	model:	electric wonderware historian client r2 sp1	scope:	lte	version:	<=2014	Trust: 0.6
vendor:	schneider electric	model:	wonderware historian client	scope:	eq	version:	2014_r2	Trust: 0.6
vendor:	schneider electric	model:	wonderware historian client	scope:	eq	version:	9.5	Trust: 0.3
vendor:	schneider electric	model:	wonderware historian client r2 sp1	scope:	eq	version:	2014	Trust: 0.3
vendor:	schneider electric	model:	wonderware historian client r2	scope:	eq	version:	2014	Trust: 0.3
vendor:	schneider electric	model:	wonderware historian client	scope:	eq	version:	10.1	Trust: 0.3
vendor:	schneider electric	model:	wonderware historian client sp2	scope:	eq	version:	10.0	Trust: 0.3
vendor:	schneider electric	model:	wonderware historian client sp1	scope:	eq	version:	10.0	Trust: 0.3
vendor:	schneider electric	model:	wonderware historian client	scope:	eq	version:	10.0	Trust: 0.3
vendor:	wonderware historian client	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: fcb932ef-d97a-42d4-80c4-2c94b48ed73c // CNVD: CNVD-2017-07253 // BID: 98254 // JVNDB: JVNDB-2017-004298 // CNNVD: CNNVD-201705-227 // NVD: CVE-2017-7907

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-7907
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-7907
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2017-07253
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201705-227
value:	LOW
Trust: 0.6
IVD:	fcb932ef-d97a-42d4-80c4-2c94b48ed73c
value:	LOW
Trust: 0.2

nvd@nist.gov:	CVE-2017-7907
severity:	LOW
baseScore:	3.3
vectorString:	AV:L/AC:M/AU:N/C:P/I:N/A:P
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.4
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-07253
severity:	MEDIUM
baseScore:	6.6
vectorString:	AV:L/AC:L/AU:N/C:C/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	9.2
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	fcb932ef-d97a-42d4-80c4-2c94b48ed73c
severity:	MEDIUM
baseScore:	6.6
vectorString:	AV:L/AC:L/AU:N/C:C/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	9.2
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2017-7907
baseSeverity:	MEDIUM
baseScore:	6.6
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.3
impactScore:	5.2
version:	3.0
Trust: 1.8

sources: IVD: fcb932ef-d97a-42d4-80c4-2c94b48ed73c // CNVD: CNVD-2017-07253 // JVNDB: JVNDB-2017-004298 // CNNVD: CNNVD-201705-227 // NVD: CVE-2017-7907

PROBLEMTYPE DATA

problemtype:

CWE-611

Trust: 1.8

sources: JVNDB: JVNDB-2017-004298 // NVD: CVE-2017-7907

THREAT TYPE

local

Trust: 0.9

sources: BID: 98254 // CNNVD: CNNVD-201705-227

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201705-227

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-004298

PATCH

title:	Wonderware Historian Client XML Injection Vulnerability	url:	http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000120/	Trust: 0.8
title:	Patch for Wonderware Historian Client Local XML External Entity Injection Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/93992	Trust: 0.6
title:	Schneider Electric Wonderware Historian Client Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69853	Trust: 0.6

sources: CNVD: CNVD-2017-07253 // JVNDB: JVNDB-2017-004298 // CNNVD: CNNVD-201705-227

EXTERNAL IDS

db:	NVD	id:	CVE-2017-7907	Trust: 3.5
db:	ICS CERT	id:	ICSA-17-122-01	Trust: 2.7
db:	BID	id:	98254	Trust: 2.5
db:	SECTRACK	id:	1038542	Trust: 1.0
db:	CNVD	id:	CNVD-2017-07253	Trust: 0.8
db:	CNNVD	id:	CNNVD-201705-227	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-004298	Trust: 0.8
db:	NSFOCUS	id:	36601	Trust: 0.6
db:	IVD	id:	FCB932EF-D97A-42D4-80C4-2C94B48ED73C	Trust: 0.2

sources: IVD: fcb932ef-d97a-42d4-80c4-2c94b48ed73c // CNVD: CNVD-2017-07253 // BID: 98254 // JVNDB: JVNDB-2017-004298 // CNNVD: CNNVD-201705-227 // NVD: CVE-2017-7907

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-17-122-01	Trust: 2.7
url:	http://www.securityfocus.com/bid/98254	Trust: 2.2
url:	http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000120/	Trust: 1.9
url:	https://nvd.nist.gov/vuln/detail/cve-2017-7907	Trust: 1.4
url:	http://www.securitytracker.com/id/1038542	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7907	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/36601	Trust: 0.6
url:	http://www.schneider-electric.com/products/ww/en/	Trust: 0.3
url:	https://www.wonderware.com/industrial-information-management/historian-client/	Trust: 0.3

sources: CNVD: CNVD-2017-07253 // BID: 98254 // JVNDB: JVNDB-2017-004298 // CNNVD: CNNVD-201705-227 // NVD: CVE-2017-7907

CREDITS

Andrey Zhukov from USSC

Trust: 0.9

sources: BID: 98254 // CNNVD: CNNVD-201705-227

SOURCES

db:	IVD	id:	fcb932ef-d97a-42d4-80c4-2c94b48ed73c
db:	CNVD	id:	CNVD-2017-07253
db:	BID	id:	98254
db:	JVNDB	id:	JVNDB-2017-004298
db:	CNNVD	id:	CNNVD-201705-227
db:	NVD	id:	CVE-2017-7907

LAST UPDATE DATE

2025-04-20T23:42:13.329000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-07253	date:	2017-05-23T00:00:00
db:	BID	id:	98254	date:	2017-05-18T16:17:00
db:	JVNDB	id:	JVNDB-2017-004298	date:	2017-06-21T00:00:00
db:	CNNVD	id:	CNNVD-201705-227	date:	2017-05-31T00:00:00
db:	NVD	id:	CVE-2017-7907	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	IVD	id:	fcb932ef-d97a-42d4-80c4-2c94b48ed73c	date:	2017-05-23T00:00:00
db:	CNVD	id:	CNVD-2017-07253	date:	2017-05-23T00:00:00
db:	BID	id:	98254	date:	2017-05-02T00:00:00
db:	JVNDB	id:	JVNDB-2017-004298	date:	2017-06-21T00:00:00
db:	CNNVD	id:	CNNVD-201705-227	date:	2017-05-08T00:00:00
db:	NVD	id:	CVE-2017-7907	date:	2017-05-19T03:29:00.590