Detections
Analytics

CVE-2024-12476

high

Description

CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure, impacts workstation integrity and potential remote code execution on the compromised computer, when specific crafted XML file is imported in the Web Designer configuration tool.

References

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-014-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-014-04.pdf

Details

Source: Mitre, NVD

Published: 2025-01-17

Updated: 2025-01-17

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High

CVSS v4

Base Score: 8.4

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Severity: High