Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Web Designer for BMXNOR0200H by Schneider Electric

    CVE-2024-12476 (GCVE-0-2024-12476)

    Vulnerability from nvd – Published: 2025-01-17 09:42 – Updated: 2025-02-12 17:13
    VLAI
    Summary
    CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure, impacts workstation integrity and potential remote code execution on the compromised computer, when specific crafted XML file is imported in the Web Designer configuration tool.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-611 - Improper Restriction of XML External Entity Reference
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-12476",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-17T13:18:38.223850Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-12T17:13:56.687Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Web Designer for BMXNOR0200H",
              "vendor": "Schneider Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Web Designer for BMXNOE0110(H)",
              "vendor": "Schneider Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Web Designer for BMENOC0311(C)",
              "vendor": "Schneider Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "All Versions"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Web Designer for BMENOC0321(C)",
              "vendor": "Schneider Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "All Versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could\ncause information disclosure, impacts workstation integrity and potential remote code execution on the\ncompromised computer, when specific crafted XML file is imported in the Web Designer configuration tool.\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could\ncause information disclosure, impacts workstation integrity and potential remote code execution on the\ncompromised computer, when specific crafted XML file is imported in the Web Designer configuration tool."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-611",
                  "description": "CWE-611 Improper Restriction of XML External Entity Reference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-17T09:42:47.616Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-014-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2025-014-04.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2024-12476",
        "datePublished": "2025-01-17T09:42:47.616Z",
        "dateReserved": "2024-12-11T11:01:03.428Z",
        "dateUpdated": "2025-02-12T17:13:56.687Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-12476 (GCVE-0-2024-12476)

    Vulnerability from cvelistv5 – Published: 2025-01-17 09:42 – Updated: 2025-02-12 17:13
    VLAI
    Summary
    CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure, impacts workstation integrity and potential remote code execution on the compromised computer, when specific crafted XML file is imported in the Web Designer configuration tool.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-611 - Improper Restriction of XML External Entity Reference
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-12476",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-17T13:18:38.223850Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-12T17:13:56.687Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Web Designer for BMXNOR0200H",
              "vendor": "Schneider Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Web Designer for BMXNOE0110(H)",
              "vendor": "Schneider Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Web Designer for BMENOC0311(C)",
              "vendor": "Schneider Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "All Versions"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Web Designer for BMENOC0321(C)",
              "vendor": "Schneider Electric",
              "versions": [
                {
                  "status": "affected",
                  "version": "All Versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could\ncause information disclosure, impacts workstation integrity and potential remote code execution on the\ncompromised computer, when specific crafted XML file is imported in the Web Designer configuration tool.\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could\ncause information disclosure, impacts workstation integrity and potential remote code execution on the\ncompromised computer, when specific crafted XML file is imported in the Web Designer configuration tool."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-611",
                  "description": "CWE-611 Improper Restriction of XML External Entity Reference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-17T09:42:47.616Z",
            "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
            "shortName": "schneider"
          },
          "references": [
            {
              "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-014-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2025-014-04.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "assignerShortName": "schneider",
        "cveId": "CVE-2024-12476",
        "datePublished": "2025-01-17T09:42:47.616Z",
        "dateReserved": "2024-12-11T11:01:03.428Z",
        "dateUpdated": "2025-02-12T17:13:56.687Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }