ID
VAR-201807-1856
CVE
CVE-2018-7783
TITLE
Schneider Electric SoMachine Basic In XML External entity vulnerabilities
Trust: 0.8
DESCRIPTION
Schneider Electric SoMachine Basic prior to v1.6 SP1 suffers from an XML External Entity (XXE) vulnerability using the DTD parameter entities technique resulting in disclosure and retrieval of arbitrary data on the affected node via out-of-band (OOB) attack. The vulnerability is triggered when input passed to the xml parser is not sanitized while parsing the xml project/template file. Schneider Electric SoMachine Basic Has XML An external entity vulnerability exists.Information may be obtained
Trust: 1.71
AFFECTED PRODUCTS
| vendor: | schneider electric | model: | somachine basic | scope: | lte | version: | 1.6 | Trust: 1.0 |
| vendor: | schneider electric | model: | somachine basic | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | schneider electric | model: | somachine basic | scope: | lt | version: | 1.6 sp1 less than | Trust: 0.8 |
| vendor: | schneider electric | model: | somachine basic | scope: | eq | version: | 1.6 | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-611 | Trust: 1.0 |
| problemtype: | XML Improper restrictions on external entity references (CWE-611) [NVD Evaluation ] | Trust: 0.8 |
THREAT TYPE
remote
Trust: 0.6
TYPE
code problem
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | SEVD-2018-142-01 | url: | https://download.schneider-electric.com/files?p_endoctype=technical+leaflet&p_file_name=sevd-2018-142-01-+somachine+basic.pdf&p_doc_ref=sevd-2018-142-01 | Trust: 0.8 |
| title: | Schneider Electric SoMachine Basic Security vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=81712 | Trust: 0.6 |
| title: | Threatpost | url: | https://threatpost.com/schneider-electric-patches-xxe-vulnerability-in-plcs/132220/ | Trust: 0.1 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2018-7783 | Trust: 2.5 |
| db: | SCHNEIDER | id: | SEVD-2018-142-01 | Trust: 1.7 |
| db: | JVN | id: | JVNVU92527693 | Trust: 0.8 |
| db: | JVNDB | id: | JVNDB-2018-007904 | Trust: 0.8 |
| db: | ICS CERT | id: | ICSA-21-103-01 | Trust: 0.6 |
| db: | AUSCERT | id: | ESB-2021.1249 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-201807-143 | Trust: 0.6 |
| db: | VULMON | id: | CVE-2018-7783 | Trust: 0.1 |
REFERENCES
| url: | https://www.schneider-electric.com/en/download/document/sevd-2018-142-01/ | Trust: 1.7 |
| url: | https://jvn.jp/vu/jvnvu92527693/ | Trust: 0.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2018-7783 | Trust: 0.8 |
| url: | https://us-cert.cisa.gov/ics/advisories/icsa-21-103-01 | Trust: 0.6 |
| url: | https://www.auscert.org.au/bulletins/esb-2021.1249 | Trust: 0.6 |
| url: | https://cwe.mitre.org/data/definitions/611.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
| url: | https://threatpost.com/schneider-electric-patches-xxe-vulnerability-in-plcs/132220/ | Trust: 0.1 |
SOURCES
| db: | VULMON | id: | CVE-2018-7783 |
| db: | JVNDB | id: | JVNDB-2018-007904 |
| db: | CNNVD | id: | CNNVD-201807-143 |
| db: | NVD | id: | CVE-2018-7783 |
LAST UPDATE DATE
2022-05-04T10:00:39.404000+00:00
SOURCES UPDATE DATE
| db: | VULMON | id: | CVE-2018-7783 | date: | 2018-09-08T00:00:00 |
| db: | JVNDB | id: | JVNDB-2018-007904 | date: | 2021-04-15T07:02:00 |
| db: | CNNVD | id: | CNNVD-201807-143 | date: | 2021-08-24T00:00:00 |
| db: | NVD | id: | CVE-2018-7783 | date: | 2022-01-31T19:43:00 |
SOURCES RELEASE DATE
| db: | VULMON | id: | CVE-2018-7783 | date: | 2018-07-03T00:00:00 |
| db: | JVNDB | id: | JVNDB-2018-007904 | date: | 2018-10-01T00:00:00 |
| db: | CNNVD | id: | CNNVD-201807-143 | date: | 2018-07-04T00:00:00 |
| db: | NVD | id: | CVE-2018-7783 | date: | 2018-07-03T14:29:00 |