Medium severity6.6NVD Advisory· Published May 19, 2017· Updated May 13, 2026

CVE-2017-7907

Description

An Improper XML Parser Configuration issue was discovered in Schneider Electric Wonderware Historian Client 2014 R2 SP1 and prior. An improperly restricted XML parser (with improper restriction of XML external entity reference, or XXE) may allow an attacker to enter malicious input through the application which could cause a denial of service or disclose file contents from a server or connected network.

Affected products

Schneider Electric/Wonderware Historian Client
cpe:2.3:a:schneider-electric:wonderware_historian_client:*:sp1:*:*:*:*:*:*
Range: <=2014_r2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

software.schneider-electric.com/pdf/security-bulletin/lfsec00000120/nvdVendor Advisory
www.securityfocus.com/bid/98254nvdThird Party AdvisoryVDB Entry
ics-cert.us-cert.gov/advisories/ICSA-17-122-01nvdMitigationThird Party AdvisoryUS Government Resource
www.securitytracker.com/id/1038542nvd

News mentions

No linked articles in our index yet.

cvss	0.429
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000