Vulnerabilities > CVE-2022-1018 - XXE vulnerability in Rockwellautomation products
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
When opening a malicious solution file provided by an attacker, the application suffers from an XML external entity vulnerability due to an unsafe call within a dynamic link library file. An attacker could exploit this to pass data from local files to a remote web server, leading to a loss of confidentiality.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 | |
OS | 1 |