CVE-2023-2161

CWE-611 — XML External Entity (XXE)3 documents3 sources

Severity

5.5MEDIUM

EPSS

0.0%

top 86.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider-electric OPC Factory Server Schneider Electric OPC Factory Server (ofs)

Timeline

PublishedMay 16

Latest updateJul 6

Description

A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause unauthorized read access to the file system when a malicious configuration file is loaded on to the software by a local user.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:NExploitability: 1.3 | Impact: 3.6

Affected Packages2 packages

▶NVDschneider-electric/opc_factory_server< 3.63+1

▶CVEListV5schneider_electric/opc_factory_server_(ofs)Versions prior to V3.63SP2

🔴Vulnerability Details

GHSA

GHSA-5c28-8ww8-7qf3: A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause unauthorized read access to the file system whe↗2023-07-06

▶

CVEList

CVE-2023-2161: A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause unauthorized read access to the file system whe↗2023-05-16

▶