Search criteria
6 vulnerabilities found for iiot_monior by schneider-electric
FKIE_CVE-2018-7837
Vulnerability from fkie_nvd - Published: 2018-12-24 16:29 - Updated: 2024-11-21 04:12
Severity ?
Summary
An Improper Restriction of XML External Entity Reference ('XXE') vulnerability exists on numerous methods of the IIoT Monitor 3.1.38 software that could allow the software to resolve documents outside of the intended sphere of control, causing the software to embed incorrect documents into its output and expose restricted information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| schneider-electric | iiot_monior | 3.1.38 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:schneider-electric:iiot_monior:3.1.38:*:*:*:*:*:*:*",
"matchCriteriaId": "B2F8DD41-8532-4663-A759-82022E2CEF0A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Improper Restriction of XML External Entity Reference (\u0027XXE\u0027) vulnerability exists on numerous methods of the IIoT Monitor 3.1.38 software that could allow the software to resolve documents outside of the intended sphere of control, causing the software to embed incorrect documents into its output and expose restricted information."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de restricci\u00f3n incorrecta de XEE (XML External Entity) en numerosos m\u00e9todos del software de IIoT Monitor 3.1.38 que podr\u00eda permitir que el software resuelva documentos fuera de la esfera de control planeada, provocando que el software embeba documentos incorrectos en su entrada y exponga informaci\u00f3n restringida."
}
],
"id": "CVE-2018-7837",
"lastModified": "2024-11-21T04:12:51.130",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-24T16:29:00.983",
"references": [
{
"source": "cybersecurity@se.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securityfocus.com/bid/106484"
},
{
"source": "cybersecurity@se.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-03/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securityfocus.com/bid/106484"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-03/"
}
],
"sourceIdentifier": "cybersecurity@se.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-7835
Vulnerability from fkie_nvd - Published: 2018-12-24 16:29 - Updated: 2024-11-21 04:12
Severity ?
Summary
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in IIoT Monitor 3.1.38 which could allow access to files available to SYSTEM user.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| schneider-electric | iiot_monior | 3.1.38 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:schneider-electric:iiot_monior:3.1.38:*:*:*:*:*:*:*",
"matchCriteriaId": "B2F8DD41-8532-4663-A759-82022E2CEF0A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability exists in IIoT Monitor 3.1.38 which could allow access to files available to SYSTEM user."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de limitaci\u00f3n incorrecta de un nombre de ruta en un directorio restringido (\"salto de directorio\") en IIoT Monitor 3.1.38, lo que podr\u00eda permitir el acceso a archivos disponibles para el usuario SYSTEM."
}
],
"id": "CVE-2018-7835",
"lastModified": "2024-11-21T04:12:50.920",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-24T16:29:00.907",
"references": [
{
"source": "cybersecurity@se.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securityfocus.com/bid/106484"
},
{
"source": "cybersecurity@se.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-03/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securityfocus.com/bid/106484"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-03/"
}
],
"sourceIdentifier": "cybersecurity@se.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2018-7835 (GCVE-0-2018-7835)
Vulnerability from cvelistv5 – Published: 2018-12-24 16:00 – Updated: 2024-08-05 06:37
VLAI?
Summary
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in IIoT Monitor 3.1.38 which could allow access to files available to SYSTEM user.
Severity ?
No CVSS data available.
CWE
- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Schneider Electric SE | IIoT Monitor 3.1.38 |
Affected:
IIoT Monitor 3.1.38
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:37:59.606Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106484",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106484"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-03/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IIoT Monitor 3.1.38",
"vendor": "Schneider Electric SE",
"versions": [
{
"status": "affected",
"version": "IIoT Monitor 3.1.38"
}
]
}
],
"datePublic": "2018-12-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability exists in IIoT Monitor 3.1.38 which could allow access to files available to SYSTEM user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-10T10:57:01",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"name": "106484",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106484"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-03/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2018-7835",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IIoT Monitor 3.1.38",
"version": {
"version_data": [
{
"version_value": "IIoT Monitor 3.1.38"
}
]
}
}
]
},
"vendor_name": "Schneider Electric SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability exists in IIoT Monitor 3.1.38 which could allow access to files available to SYSTEM user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106484",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106484"
},
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-03/",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-03/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2018-7835",
"datePublished": "2018-12-24T16:00:00",
"dateReserved": "2018-03-08T00:00:00",
"dateUpdated": "2024-08-05T06:37:59.606Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7837 (GCVE-0-2018-7837)
Vulnerability from cvelistv5 – Published: 2018-12-24 16:00 – Updated: 2024-08-05 06:37
VLAI?
Summary
An Improper Restriction of XML External Entity Reference ('XXE') vulnerability exists on numerous methods of the IIoT Monitor 3.1.38 software that could allow the software to resolve documents outside of the intended sphere of control, causing the software to embed incorrect documents into its output and expose restricted information.
Severity ?
No CVSS data available.
CWE
- Improper Restriction of XML External Entity Reference ('XXE')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Schneider Electric SE | IIoT Monitor 3.1.38 |
Affected:
IIoT Monitor 3.1.38
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:37:59.531Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106484",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106484"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-03/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IIoT Monitor 3.1.38",
"vendor": "Schneider Electric SE",
"versions": [
{
"status": "affected",
"version": "IIoT Monitor 3.1.38"
}
]
}
],
"datePublic": "2018-12-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Improper Restriction of XML External Entity Reference (\u0027XXE\u0027) vulnerability exists on numerous methods of the IIoT Monitor 3.1.38 software that could allow the software to resolve documents outside of the intended sphere of control, causing the software to embed incorrect documents into its output and expose restricted information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-10T10:57:01",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"name": "106484",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106484"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-03/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2018-7837",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IIoT Monitor 3.1.38",
"version": {
"version_data": [
{
"version_value": "IIoT Monitor 3.1.38"
}
]
}
}
]
},
"vendor_name": "Schneider Electric SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Improper Restriction of XML External Entity Reference (\u0027XXE\u0027) vulnerability exists on numerous methods of the IIoT Monitor 3.1.38 software that could allow the software to resolve documents outside of the intended sphere of control, causing the software to embed incorrect documents into its output and expose restricted information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106484",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106484"
},
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-03/",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-03/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2018-7837",
"datePublished": "2018-12-24T16:00:00",
"dateReserved": "2018-03-08T00:00:00",
"dateUpdated": "2024-08-05T06:37:59.531Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7835 (GCVE-0-2018-7835)
Vulnerability from nvd – Published: 2018-12-24 16:00 – Updated: 2024-08-05 06:37
VLAI?
Summary
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in IIoT Monitor 3.1.38 which could allow access to files available to SYSTEM user.
Severity ?
No CVSS data available.
CWE
- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Schneider Electric SE | IIoT Monitor 3.1.38 |
Affected:
IIoT Monitor 3.1.38
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:37:59.606Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106484",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106484"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-03/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IIoT Monitor 3.1.38",
"vendor": "Schneider Electric SE",
"versions": [
{
"status": "affected",
"version": "IIoT Monitor 3.1.38"
}
]
}
],
"datePublic": "2018-12-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability exists in IIoT Monitor 3.1.38 which could allow access to files available to SYSTEM user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-10T10:57:01",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"name": "106484",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106484"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-03/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2018-7835",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IIoT Monitor 3.1.38",
"version": {
"version_data": [
{
"version_value": "IIoT Monitor 3.1.38"
}
]
}
}
]
},
"vendor_name": "Schneider Electric SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability exists in IIoT Monitor 3.1.38 which could allow access to files available to SYSTEM user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106484",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106484"
},
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-03/",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-03/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2018-7835",
"datePublished": "2018-12-24T16:00:00",
"dateReserved": "2018-03-08T00:00:00",
"dateUpdated": "2024-08-05T06:37:59.606Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7837 (GCVE-0-2018-7837)
Vulnerability from nvd – Published: 2018-12-24 16:00 – Updated: 2024-08-05 06:37
VLAI?
Summary
An Improper Restriction of XML External Entity Reference ('XXE') vulnerability exists on numerous methods of the IIoT Monitor 3.1.38 software that could allow the software to resolve documents outside of the intended sphere of control, causing the software to embed incorrect documents into its output and expose restricted information.
Severity ?
No CVSS data available.
CWE
- Improper Restriction of XML External Entity Reference ('XXE')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Schneider Electric SE | IIoT Monitor 3.1.38 |
Affected:
IIoT Monitor 3.1.38
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:37:59.531Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106484",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106484"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-03/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IIoT Monitor 3.1.38",
"vendor": "Schneider Electric SE",
"versions": [
{
"status": "affected",
"version": "IIoT Monitor 3.1.38"
}
]
}
],
"datePublic": "2018-12-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Improper Restriction of XML External Entity Reference (\u0027XXE\u0027) vulnerability exists on numerous methods of the IIoT Monitor 3.1.38 software that could allow the software to resolve documents outside of the intended sphere of control, causing the software to embed incorrect documents into its output and expose restricted information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-10T10:57:01",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"name": "106484",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106484"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-03/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2018-7837",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IIoT Monitor 3.1.38",
"version": {
"version_data": [
{
"version_value": "IIoT Monitor 3.1.38"
}
]
}
}
]
},
"vendor_name": "Schneider Electric SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Improper Restriction of XML External Entity Reference (\u0027XXE\u0027) vulnerability exists on numerous methods of the IIoT Monitor 3.1.38 software that could allow the software to resolve documents outside of the intended sphere of control, causing the software to embed incorrect documents into its output and expose restricted information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106484",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106484"
},
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-03/",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-03/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2018-7837",
"datePublished": "2018-12-24T16:00:00",
"dateReserved": "2018-03-08T00:00:00",
"dateUpdated": "2024-08-05T06:37:59.531Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}