CVE-2015-6463 — MEDIUM (5.8)

Vulnerability Description

CodeWrights HART Comm DTM components, as used with Endress+Hauser FieldCare, allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a longtag XML schema containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

CVSS Score

5.8

MEDIUM

AV:A/AC:L/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Codewrights	Hart Comm Dtm	All versions
Endress\+Hauser	Hart Comm Dtm	All versions

References

https://ics-cert.us-cert.gov/advisories/ICSA-15-267-01PatchThird Party AdvisoryUS Government Resource
https://ics-cert.us-cert.gov/advisories/ICSA-15-267-01PatchThird Party AdvisoryUS Government Resource

FAQ

What is CVE-2015-6463?

CVE-2015-6463 is a vulnerability with a CVSS score of 5.8 (MEDIUM). CodeWrights HART Comm DTM components, as used with Endress+Hauser FieldCare, allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU a...

How severe is CVE-2015-6463?

CVE-2015-6463 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-6463?

Check the references section above for vendor advisories and patch information. Affected products include: Codewrights Hart Comm Dtm, Endress\+Hauser Hart Comm Dtm.