Unrated severityNVD Advisory· Published Jul 3, 2018· Updated Sep 16, 2024

CVE-2018-7783

Description

Schneider Electric SoMachine Basic prior to v1.6 SP1 suffers from an XML External Entity (XXE) vulnerability using the DTD parameter entities technique resulting in disclosure and retrieval of arbitrary data on the affected node via out-of-band (OOB) attack. The vulnerability is triggered when input passed to the xml parser is not sanitized while parsing the xml project/template file.

Affected products

Schneider Electric/SoMachine Basicllm-fuzzy
Range: <1.6 SP1
Schneider Electric/Somachinecpe-rescue
Range: SoMachine Basic prior to v1.6 SP1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.schneider-electric.com/en/download/document/SEVD-2018-142-01/mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000