Unrated severityNVD Advisory· Published Mar 28, 2022· Updated Aug 2, 2024

CVE-2022-0221

Description

A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could result in information disclosure when opening a malicious solution file provided by an attacker with SCADAPack Workbench. This could be exploited to pass data from local files to a remote system controlled by an attacker. Affected Product: SCADAPack Workbench (6.6.8a and prior)

Affected products

Schneider Electric/SCADAPack Workbenchllm-create
Range: <=6.6.8a
Schneider Electric/SCADAPack Workbenchv5
Range: 6.6.8a

Patches

Vulnerability mechanics

References

www.se.com/ww/en/download/document/SEVD-2022-087-01/mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000