CVE-2017-12069

CWE-611 — XML External Entity (XXE)3 documents3 sources

Severity

8.2HIGH

EPSS

0.9%

top 23.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ocpfoundation Local Discovery Server Ocpfoundation UA .net Siemens Simatic Pcs7 +1 more

Timeline

PublishedAug 30

Latest updateMay 17

Description

An XXE vulnerability has been identified in OPC Foundation UA .NET Sample Code before 2017-03-21 and Local Discovery Server (LDS) before 1.03.367. Among the affected products are Siemens SIMATIC PCS7 (All versions V8.1 and earlier), SIMATIC WinCC (All versions < V7.4 SP1), SIMATIC WinCC Runtime Professional (All versions < V14 SP1), SIMATIC NET PC Software, and SIMATIC IT Production Suite. By sending specially crafted packets to the OPC Discovery Server at port 4840/tcp, an attacker might cause …

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:HExploitability: 3.9 | Impact: 4.2

Affected Packages4 packages

▶NVDsiemens/simatic_pcs78.1

▶NVDocpfoundation/local_discovery_server1.01.333.0

▶NVDsiemens/wincc7.4

▶NVDocpfoundation/ua_.net2017-03-21

Patches

Patch: opcfoundation-onlineapplications.org ↗Patch: opcfoundation-onlineapplications.org ↗

🔴Vulnerability Details

GHSA

GHSA-jj7f-wqmm-8q5f: An XXE vulnerability has been identified in OPC Foundation UA↗2022-05-17

▶

CVEList

CVE-2017-12069: An XXE vulnerability has been identified in OPC Foundation UA↗2017-08-30

▶