PT-2013-1316 · Schneider Electric · Citectscada+2

Alexey Osipov +2 · Published 2013-08-09 · Updated 2019-08-05 · CVE-2013-2796

CVSS v2.0: 6.9 (Medium)
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Schneider Electric Vijeo Citect versions 7.20 and earlier
Schneider Electric CitectSCADA versions 7.20 and earlier
Schneider Electric PowerLogic SCADA versions 7.20 and earlier

Description

The issue allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service via an XML document that contains an external entity declaration together with a reference to that entity, i.e. an XML External Entity (XXE) issue. The vulnerability is also associated with insufficient access restrictions on certain functions, which an attacker can exploit to similar effect.

Recommendations

For Schneider Electric Vijeo Citect versions 7.20 and earlier, consider disabling the XML parsing functionality until a patch is available.
For Schneider Electric CitectSCADA versions 7.20 and earlier, restrict access to the affected functions to minimize the risk of exploitation.
For Schneider Electric PowerLogic SCADA versions 7.20 and earlier, avoid using the vulnerable XML document processing feature until the issue is resolved.
As a temporary workaround, consider implementing additional access controls to limit the potential impact of the vulnerability.
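The defensive counterpart to the description above, as an added example that is not code from the advisory or from Schneider Electric: a Python pre-check (standard library only) that refuses any document carrying a DOCTYPE or entity declaration before the application parser sees it, exercised on constructed sample documents (the file path in the sample is a placeholder, not a real target).

```python
import xml.parsers.expat as expat
from xml.etree import ElementTree as ET


class UnsafeXml(ValueError):
    """Raised when a document is refused before any entity could be resolved."""


def forbid_dtd(data: bytes) -> None:
    """Stream the document through expat and abort on the first DOCTYPE or ENTITY.
    No ExternalEntityRefHandler is installed, so expat never fetches external
    resources on its own; the handlers stop parsing before the body is reached."""
    parser = expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise UnsafeXml(f"DOCTYPE {name!r} declared (sysid={sysid!r})")

    def on_entity(name, is_param, value, base, sysid, pubid, notation):
        raise UnsafeXml(f"entity {name!r} declared (sysid={sysid!r})")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    try:
        parser.Parse(data, True)
    except expat.ExpatError as exc:  # e.g. an undeclared &ref;: fail closed
        raise UnsafeXml(f"malformed XML: {exc}") from exc


def parse_untrusted(data: bytes) -> ET.Element:
    """Parse client-supplied XML only after forbid_dtd() has accepted it."""
    forbid_dtd(data)
    return ET.fromstring(data)


def is_rejected(data: bytes) -> bool:
    """True if parse_untrusted() would refuse the document."""
    try:
        parse_untrusted(data)
    except UnsafeXml:
        return True
    return False


# Constructed sample inputs (not taken from the advisory); the SYSTEM path is a placeholder.
BENIGN = b"<config><tag>alarm_1</tag></config>"
EXTERNAL_ENTITY = (
    b'<?xml version="1.0"?>\n'
    b'<!DOCTYPE config [<!ENTITY ext SYSTEM "file:///constructed/placeholder">]>\n'
    b"<config><tag>&ext;</tag></config>"
)
UNDECLARED_REF = b"<config><tag>&ext;</tag></config>"
```

The same DOCTYPE handler also stops internal-entity expansion attacks (the denial-of-service case in the description) before the parser allocates anything.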


Weakness Enumeration

Related Identifiers

BDU:2019-03752
CVE-2013-2796

Affected Products

Citectscada
Powerlogic Scada
Vijeo Citect