Description
A local, authenticated attacker could use an XML External Entity (XXE) attack to exploit weakly configured XML files to access local or remote content. A successful exploit could potentially cause a denial-of-service condition and allow the attacker to arbitrarily read any local file via system-level services.
CVSS breakdown
CVSS 3.1
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality: High
- Integrity: None
- Availability: High
Affected products
- Rockwell Automation / FactoryTalk® Services Platform: unspecified – 6.11.00
References
- VENDOR_ADVISORY: https://www.cisa.gov/uscert/ics/advisories/icsa-20-177-02