Vulnerabilities > CVE-2020-7572 - XXE vulnerability in Schneider-Electric Webreports 1.9/3.1

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

schneider-electric

CWE-611

NVD

Published: 2020-11-19

Updated: 2022-01-31

Summary

A CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able to inject arbitrary XML code and obtain disclosure of confidential data, denial of service, server side request forgery due to improper configuration of the XML parser.

Vulnerable Configurations

Part	Description	Count
Application	Schneider-Electric Schneider Electric Webreports 1.9 Schneider Electric Webreports 3.1	2

Common Weakness Enumeration (CWE)

CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

References

https://www.se.com/ww/en/download/document/SEVD-2020-315-04/