PT-2014-7857 · Yokogawa Electric · Fast/Tools

Aleksey Osipov

+2

·

Publicado

2014-12-06

·

Atualizado

2017-09-08

·

CVE-2014-7251

CVSS v2.0

3.2

Baixa

VetorAV:L/AC:L/Au:S/C:P/I:N/A:P
Name of the Vulnerable Software and Affected Versions Yokogawa Electric Corporation FAST/TOOLS versions prior to R9.05-SP2
Description The issue is related to an XML external entity (XXE) vulnerability in the WebHMI server, which can be exploited by local users to cause a denial of service, resulting in CPU or network traffic consumption, or to read arbitrary files.
Recommendations For versions prior to R9.05-SP2, update to version R9.05-SP2 or later to resolve the issue.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2014-7251

Produtos afetados

Fast/Tools