Vulnerability Description
XML external entity (XXE) vulnerability in the WebHMI server in Yokogawa Electric Corporation FAST/TOOLS before R9.05-SP2 allows local users to cause a denial of service (CPU or network traffic consumption) or read arbitrary files via unspecified vectors.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Yokogawa | Fast\/Tools | r9.01 |
Related Weaknesses (CWE)
References
- http://jvn.jp/en/jp/JVN54775800/index.html
- http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000141.html
- http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0004E.pdfVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/99018
- http://jvn.jp/en/jp/JVN54775800/index.html
- http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000141.html
- http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0004E.pdfVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/99018
FAQ
What is CVE-2014-7251?
CVE-2014-7251 is a vulnerability with a CVSS score of 3.2 (LOW). XML external entity (XXE) vulnerability in the WebHMI server in Yokogawa Electric Corporation FAST/TOOLS before R9.05-SP2 allows local users to cause a denial of service (CPU or network traffic consum...
How severe is CVE-2014-7251?
CVE-2014-7251 has been rated LOW with a CVSS base score of 3.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-7251?
Check the references section above for vendor advisories and patch information. Affected products include: Yokogawa Fast\/Tools.