Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ICSA-22-088-01 Rockwell Automation ISaGRAF
Vulnerability Description
When opening a malicious solution file provided by an attacker, the application suffers from an XML external entity vulnerability due to an unsafe call within a dynamic link library file. An attacker could exploit this to pass data from local files to a remote web server, leading to a loss of confidentiality.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Vulnerability Type
XML外部实体引用的不恰当限制(XXE)
Vulnerability Title
Rockwell Automation ISaGRAF 代码问题漏洞
Vulnerability Description
Rockwell Automation ISaGRAF是美国罗克韦尔(Rockwell Automation)公司的一种用于创建集成自动化解决方案的自动化软件技术。它设计为可扩展和便携,适合开发小型控制器和大型分布式自动化系统。 Rockwell Automation ISaGRAF存在代码问题漏洞,该漏洞源于当打开攻击者提供的恶意解决方案文件时,由于动态链接库文件中的不安全调用,应用程序遭受XML外部实体漏洞。攻击者可以利用这一点将数据从本地文件传递到远程 Web 服务器,从而导致机密性丢失。
CVSS Information
N/A
Vulnerability Type
N/A