Vulnerabilities > CVE-2022-0221 - XXE vulnerability in Schneider-Electric Scadapack Workbench 6.6.8A

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

local

low complexity

schneider-electric

CWE-611

NVD

Published: 2022-04-13

Updated: 2022-04-21

Summary

A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could result in information disclosure when opening a malicious solution file provided by an attacker with SCADAPack Workbench. This could be exploited to pass data from local files to a remote system controlled by an attacker. Affected Product: SCADAPack Workbench (6.6.8a and prior)

Vulnerable Configurations

Part	Description	Count
Application	Schneider-Electric Schneider Electric Scadapack Workbench - Schneider Electric Scadapack Workbench 6.6.8A	2

Common Weakness Enumeration (CWE)

CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

References

https://www.se.com/ww/en/download/document/SEVD-2022-087-01/