CVE-2023-46590 Vulnerability Details

  /     /     /  

CVE-2023-46590 Metadata Quick Info

CVE Published: 14/11/2023 | CVE Updated: 02/08/2024 | CVE Year: 2023
Source: siemens | Vendor: Siemens | Product: Siemens OPC UA Modelling Editor (SiOME)
Status : PUBLISHED

---

CVE-2023-46590 Description

A vulnerability has been identified in Siemens OPC UA Modelling Editor (SiOME) (All versions < V2.8). Affected products suffer from a XML external entity (XXE) injection vulnerability. This vulnerability could allow an attacker to interfere with an application\'s processing of XML data and read arbitrary files in the system.

Metrics

CVSS Version: 3.1 | Base Score: 7.5 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-611
CWE Name: CWE-611: Improper Restriction of XML External Entity Reference
Source: Siemens

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).