N/A

CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause unauthorized disclosure of local files, interaction within the EBO system, or denial of service conditions when a local user uploads a specially crafted TGML graphics file to the EBO server from Workstation.

N/A

XML外部实体引用的不恰当限制(XXE)

Schneider Electric EcoStruxure Building Operation Workstation 代码问题漏洞

Schneider Electric EcoStruxure Building Operation Workstation是法国施耐德电气（Schneider Electric）公司的一个专业操作终端组件。 Schneider Electric EcoStruxure Building Operation Workstation存在代码问题漏洞，该漏洞源于XML外部实体引用限制不当，可能导致本地用户从工作站向EBO服务器上传特制TGML图形文件时造成本地文件未经授权泄露、EBO系统内交互或拒绝服务。

N/A

N/A