CVE-2018-7783 — Vulnetix

Try Vulnetix Request Demo

CVE-2018-7783 PUBLISHED CVSS 7.5 HIGH

Schneider Electric SoMachine Basic prior to v1.6 SP1 suffers from an XML External Entity (XXE) vulnerability using the DTD parameter entities technique resulting in disclosure and retrieval of arbitrary data on the affected node via out-of-band (OOB) attack. The vulnerability is triggered when input passed to the xml parser is not sanitized while parsing the xml project/template file.

EPSS 0.29% · 52.3th percentile

Risk Scores

CVSS v3.0

7.5

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Score

0.29%

52.3th percentile

Affected Products

Vendor	Product	Versions
Schneider Electric SE	SoMachine Basic	SoMachine Basic prior to v1.6 SP1
Schneider Electric	N/A
schneider-electric	somachine_basic	0

Timeline

Jul 3, 2018 CVE Published
Apr 14, 2021 EPSS Score
Jun 22, 2021 EPSS Score
Aug 23, 2021 EPSS Score
Oct 24, 2021 EPSS Score
Dec 25, 2021 EPSS Score
Feb 25, 2022 EPSS Score
Apr 28, 2022 EPSS Score
May 13, 2022 CVE Updated
Jun 29, 2022 EPSS Score
Aug 31, 2022 EPSS Score
Nov 1, 2022 EPSS Score

References

Open in Interactive Console →