CVE-2018-10832

Exploit

EPSS 1.75%
Veröffentlicht 11.05.2018 21:29:00
Zuletzt bearbeitet 21.11.2024 03:42:06
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

ModbusPal 1.6b is vulnerable to an XML External Entity (XXE) attack. Projects are saved as .xmpp files and automations can be exported as .xmpa files, both XML-based, which are vulnerable to XXE injection. Sending a crafted .xmpp or .xmpa file to a user, when opened/imported in ModbusPal, will return the contents of any local files to a remote attacker.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Modbuspal Project ≫ Modbuspal Version1.6 Updateb

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.75%	0.82

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-611 Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

http://packetstormsecurity.com/files/147573/ModbusPal-1.6b-XML-External-Entity-Injection.html

Third Party Advisory

Exploit

VDB Entry

https://www.exploit-db.com/exploits/44607/

Third Party Advisory

Exploit

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2018-10832

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-10832

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-10832

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2018-10832