VAR-201308-0399

Vulnerability from variot - Updated: 2022-05-17 02:05

Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries.

Schneider Electric OFS software handles XML external entities incorrectly when parsing XML, allowing an attacker who supplies specially crafted XML data to obtain information about local resources or consume a large amount of server resources. Schneider Electric OFS (OPC Factory Server) is a set of client applications from Schneider Electric (France) for accessing data in real time. The application offers features such as easy integration and custom interfaces. An XML external entity (XXE) injection vulnerability exists in Schneider Electric OFS 3.40 and earlier. A local attacker could use this vulnerability to gain sensitive information or cause a denial of service. Note that the sources aggregated in this record disagree on the attack vector: this description and the threat type say local, while the CNVD CVSS v2 vector (AV:N/AC:L/Au:N/C:P/I:N/A:P) rates the flaw as reachable over the network without authentication.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201308-0399",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "electric ofs",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "3.x"
      },
      {
        "model": "ofs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "3.40"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-12785"
      },
      {
        "db": "BID",
        "id": "62081"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Reported by the vendor.",
    "sources": [
      {
        "db": "BID",
        "id": "62081"
      }
    ],
    "trust": 0.3
  },
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2013-12785",
            "impactScore": 4.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "CNVD",
            "id": "CNVD-2013-12785",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-12785"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. \n\nSchneider Electric OFS software has errors in parsing XML external entities, allowing attackers to exploit the specially crafted XML data to obtain local resource information or consume a large amount of server resources. Schneider Electric OFS (OPC Factory Server) is a set of client applications that access data in real time from Schneider Electric (France). The application has features such as easy integration and custom interfaces. \nAn XML external entity injection vulnerability exists in Schneider Electric OFS 3.40 and earlier. A local attacker could use this vulnerability to gain sensitive information or cause a denial of service",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-12785"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-517"
      },
      {
        "db": "BID",
        "id": "62081"
      }
    ],
    "trust": 1.35
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "SCHNEIDER",
        "id": "SEVD-2013-235-01",
        "trust": 0.9
      },
      {
        "db": "BID",
        "id": "62081",
        "trust": 0.9
      },
      {
        "db": "SECUNIA",
        "id": "54616",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-12785",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-517",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-12785"
      },
      {
        "db": "BID",
        "id": "62081"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-517"
      }
    ]
  },
  "id": "VAR-201308-0399",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-12785"
      }
    ],
    "trust": 1.35
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-12785"
      }
    ]
  },
  "last_update_date": "2022-05-17T02:05:56.444000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Patch for Schneider Electric OFS XML External Entity Reference Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/39291"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-12785"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 0.9,
        "url": "http://download.schneider-electric.com/files?p_file_id=153783092\u0026p_file_name=sevd-2013-235-01-ofs.pdf"
      },
      {
        "trust": 0.6,
        "url": "http://www.secunia.com/advisories/54616/"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/62081"
      },
      {
        "trust": 0.3,
        "url": "http://www.schneider-electric.com/products/ww/en/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-12785"
      },
      {
        "db": "BID",
        "id": "62081"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-517"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-12785"
      },
      {
        "db": "BID",
        "id": "62081"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-517"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-09-04T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-12785"
      },
      {
        "date": "2013-08-23T00:00:00",
        "db": "BID",
        "id": "62081"
      },
      {
        "date": "2013-08-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201308-517"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-09-04T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-12785"
      },
      {
        "date": "2013-08-23T00:00:00",
        "db": "BID",
        "id": "62081"
      },
      {
        "date": "2013-09-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201308-517"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "62081"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-517"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Schneider Electric OFS XML External Entity Injection Vulnerability",
    "sources": [
      {
        "db": "BID",
        "id": "62081"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-517"
      }
    ],
    "trust": 0.9
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unknown",
    "sources": [
      {
        "db": "BID",
        "id": "62081"
      }
    ],
    "trust": 0.3
  }
}

