Vulnerabilities > Schneider Electric > OPC Factory Server
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-16 | CVE-2023-2161 | XXE vulnerability in Schneider-Electric OPC Factory Server A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause unauthorized read access to the file system when a malicious configuration file is loaded on to the software by a local user. | 5.5 |
| 2019-03-25 | CVE-2015-1014 | Uncontrolled Search Path Element vulnerability in Schneider-Electric OPC Factory Server 3.5 A successful exploit of these vulnerabilities requires the local user to load a crafted DLL file in the system directory on servers running Schneider Electric OFS v3.5 with version v7.40 of SCADA Expert Vijeo Citect/CitectSCADA, OFS v3.5 with version v7.30 of Vijeo Citect/CitectSCADA, and OFS v3.5 with version v7.20 of Vijeo Citect/CitectSCADA.. | 7.3 |