CVE-2018-7837
Published 2018-12-24
CVE-2018-7837: An Improper Restriction of XML External Entity Reference ('XXE') vulnerability exists on numerous methods of the IIoT Monitor 3.1.38 software that could allow…
Priority: P3 · 40 · high · 7.5 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 1.20% (64.4th percentile)
An Improper Restriction of XML External Entity Reference ('XXE') vulnerability exists on numerous methods of the IIoT Monitor 3.1.38 software that could allow the software to resolve documents outside of the intended sphere of control, causing the software to embed incorrect documents into its output and expose restricted information.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| schneider-electric | iiot_monior | — | — |
| schneider_electric_se | iiot_monitor_3.1.38 | — | — |
CVSS provenance
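| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |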
CISA ICS
Schneider Electric IIoT Monitor (Update A)
cisa_ics·2019-01-08·CVSS 7.5
[HIGH] Schneider Electric IIoT Monitor (Update A)
ICS Advisory
## Schneider Electric IIoT Monitor (Update A)
Last Revised: January 15, 2019
Alert Code: ICSA-19-008-02
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.3
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: Schneider Electric
- Equipment: IIoT Monitor
--------- Begin Update A Part 1 of 2 --------
- Vulnerabilities: Path Traversal, Unrestricted Upload of File with Dangerous Type, XXE, Cryptographic Issues
--------- End Update A Part 1 of 2 --------
## 2. UPDATE INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-19-008-02 Schneider Electri
GHSA
GHSA-j8vf-v36p-7qjw: An Improper Restriction of XML External Entity Reference ('XXE') vulnerability exists on numerous methods of the IIoT Monitor 3
ghsa_unreviewed·2022-05-14
CVE-2018-7837 [HIGH] CWE-611 GHSA-j8vf-v36p-7qjw: An Improper Restriction of XML External Entity Reference ('XXE') vulnerability exists on numerous methods of the IIoT Monitor 3
An Improper Restriction of XML External Entity Reference ('XXE') vulnerability exists on numerous methods of the IIoT Monitor 3.1.38 software that could allow the software to resolve documents outside of the intended sphere of control, causing the software to embed incorrect documents into its output and expose restricted information.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2018-12-24