CVE-2023-37200 — MEDIUM (5.5)

Q: How severe is CVE-2023-37200?

CVE-2023-37200 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-37200?

Check the references section above for vendor advisories and patch information. Affected products include: Se Ecostruxure Opc Ua Server Expert.

Vulnerability Description

A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause loss of confidentiality when replacing a project file on the local filesystem and after manual restart of the server.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Se	Ecostruxure Opc Ua Server Expert	< 2.01

Related Weaknesses (CWE)

CWE-611

References

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-02&p_enDocVendor Advisory
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-02&p_enDocVendor Advisory

FAQ

What is CVE-2023-37200?

CVE-2023-37200 is a vulnerability with a CVSS score of 5.5 (MEDIUM). A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause loss of confidentiality when replacing a project file on the local filesystem and after manual r...

How severe is CVE-2023-37200?

CVE-2023-37200 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-37200?

Check the references section above for vendor advisories and patch information. Affected products include: Se Ecostruxure Opc Ua Server Expert.