Vulnerabilities > CVE-2023-37200 - XXE vulnerability in SE Ecostruxure OPC UA Server Expert 2.01

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

local

low complexity

CWE-611

NVD

Published: 2023-07-12

Updated: 2023-07-20

Summary

A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause loss of confidentiality when replacing a project file on the local filesystem and after manual restart of the server.

Vulnerable Configurations

Part	Description	Count
Application	Se SE Ecostruxure OPC UA Server Expert * SE Ecostruxure OPC UA Server Expert 2.01	2

Common Weakness Enumeration (CWE)

CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

References

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-192-02.pdf