CVE-2018-7837
Summary
| CVE | CVE-2018-7837 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-12-24 16:29:00 UTC |
| Updated | 2019-02-01 17:29:00 UTC |
| Description | An Improper Restriction of XML External Entity Reference ('XXE') vulnerability exists on numerous methods of the IIoT Monitor 3.1.38 software that could allow the software to resolve documents outside of the intended sphere of control, causing the software to embed incorrect documents into its output and expose restricted information. |
Risk And Classification
Problem Types: CWE-611
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Schneider-electric | Iiot Monior | 3.1.38 | All | All | All |
| Application | Schneider-electric | Iiot Monior | 3.1.38 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Malformed Request | BID | www.securityfocus.com | Third Party Advisory |
| Security Notification - IIoT Monitor V1.1 | Schneider Electric | CONFIRM | www.schneider-electric.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.