Vulnerability Description
Schneider Electric Vijeo Citect 7.20 and earlier, CitectSCADA 7.20 and earlier, and PowerLogic SCADA 7.20 and earlier allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider-Electric | Citectscada | <= 7.20 |
| Schneider-Electric | Powerlogic Scada | <= 7.20 |
| Schneider-Electric | Vijeo Citect | <= 7.20 |
Related Weaknesses (CWE)
References
- http://ics-cert.us-cert.gov/advisories/ICSA-13-217-02US Government Resource
- http://www.citect.schneider-electric.com/cs-HF720SP459363Patch
- http://ics-cert.us-cert.gov/advisories/ICSA-13-217-02US Government Resource
- http://www.citect.schneider-electric.com/cs-HF720SP459363Patch
FAQ
What is CVE-2013-2796?
CVE-2013-2796 is a vulnerability with a CVSS score of 6.9 (MEDIUM). Schneider Electric Vijeo Citect 7.20 and earlier, CitectSCADA 7.20 and earlier, and PowerLogic SCADA 7.20 and earlier allow remote attackers to read arbitrary files, send HTTP requests to intranet ser...
How severe is CVE-2013-2796?
CVE-2013-2796 has been rated MEDIUM with a CVSS base score of 6.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-2796?
Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Citectscada, Schneider-Electric Powerlogic Scada, Schneider-Electric Vijeo Citect.