CVE-2018-10832 - XXE vulnerability in Modbuspal Project Modbuspal 1.6
Attack vector | LOCAL |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | HIGH |
Integrity impact | NONE |
Availability impact | NONE |
Summary
ModbusPal 1.6b is vulnerable to an XML External Entity (XXE) attack. Projects are saved as .xmpp files and automations can be exported as .xmpa files; both formats are XML-based and vulnerable to XXE injection. When a user opens or imports a crafted .xmpp or .xmpa file in ModbusPal, the contents of any local files are returned to a remote attacker.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Common Weakness Enumeration (CWE)
Exploit-Db
description | ModbusPal 1.6b - XML External Entity Injection. CVE-2018-10832. Webapps exploit for Java platform |
file | exploits/java/webapps/44607.txt |
id | EDB-ID:44607 |
last seen | 2018-05-24 |
modified | 2018-05-10 |
platform | java |
port | |
published | 2018-05-10 |
reporter | Exploit-DB |
source | https://www.exploit-db.com/download/44607/ |
title | ModbusPal 1.6b - XML External Entity Injection |
type | webapps |
Packetstorm
data source | https://packetstormsecurity.com/files/download/147573/modbupal16b-xxe.txt |
id | PACKETSTORM:147573 |
last seen | 2018-05-10 |
published | 2018-05-10 |
reporter | Trent Gordon |
source | https://packetstormsecurity.com/files/147573/ModbusPal-1.6b-XML-External-Entity-Injection.html |
title | ModbusPal 1.6b XML External Entity Injection |