CVE-2020-7572
CVE-2020-7572 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. A CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could allow an authenticated remote user to inject arbitrary XML code, resulting in disclosure of confidential data, denial of service, or server-side request forgery, due to improper configuration of the XML parser. EPSS estimates a 1.78% chance of exploitation in the next 30 days.
Description
A CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could allow an authenticated remote user to inject arbitrary XML code, resulting in disclosure of confidential data, denial of service, or server-side request forgery, due to improper configuration of the XML parser.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Schneider-Electric | Webreports | >= 1.9, <= 3.1 |
References
- https://www.se.com/ww/en/download/document/SEVD-2020-315-04/ (Patch, Product, Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
