CVE-2013-2796

CWE-2643 documents3 sources

Severity

6.9MEDIUM

EPSS

0.1%

top 64.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider-electric Citectscada Schneider-electric Powerlogic Scada Schneider-electric Vijeo Citect

Timeline

PublishedAug 9

Latest updateMay 17

Description

Schneider Electric Vijeo Citect 7.20 and earlier, CitectSCADA 7.20 and earlier, and PowerLogic SCADA 7.20 and earlier allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages3 packages

▶NVDschneider-electric/citectscada7.20+1

▶NVDschneider-electric/vijeo_citect7.20+1

▶NVDschneider-electric/powerlogic_scada7.20+1

Patches

Patch: www.citect.schneider-electric.com ↗Patch: www.citect.schneider-electric.com ↗

🔴Vulnerability Details

GHSA

GHSA-fxqp-5cfq-qj7q: Schneider Electric Vijeo Citect 7↗2022-05-17

▶

CVEList

CVE-2013-2796: Schneider Electric Vijeo Citect 7↗2013-08-09

▶