PT-2023-7002 · Siemens · Siemens Opc Ua Modeling Editor

Published 2023-11-14 · Updated 2023-11-20 · CVE-2023-46590

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Siemens OPC UA Modeling Editor (SiOME) versions prior to V2.8

Description

The issue is caused by improper restriction of XML external entity references, which could allow a remote attacker to gain unauthorized access to protected information. This is an XML external entity (XXE) injection vulnerability, which could interfere with the application's processing of XML data and allow arbitrary files on the system to be read.

Recommendations

For versions prior to V2.8, update to version V2.8 or later to resolve the issue. As a temporary workaround, consider restricting the use of XML external entities in the Siemens OPC UA Modeling Editor until a patch is available.
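
One way to support the workaround on hosts still running an affected version is to screen XML files for DTD and entity declarations before they are opened, without resolving any entity. This is an added example, not Siemens code or part of the original advisory; the function name `screen_xml`, the `UANodeSet` sample documents and the placeholder path are constructed for illustration.

```python
import xml.parsers.expat as expat

def screen_xml(data: bytes) -> list:
    """Report DOCTYPE and entity declarations in an XML document.

    Nothing is fetched or expanded: no external-entity handler is installed
    and parameter-entity parsing is switched off, so the parser only
    reports what the document declares.
    """
    findings = []
    parser = expat.ParserCreate()
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)

    def on_doctype(name, system_id, public_id, has_internal_subset):
        findings.append(("doctype", name, system_id))

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        # A system identifier means the entity points outside the document.
        kind = "external-entity" if system_id is not None else "internal-entity"
        findings.append((kind, name, system_id))

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    try:
        parser.Parse(data, True)
    except expat.ExpatError as exc:
        # Malformed input is reported too, so it is not opened unreviewed.
        findings.append(("parse-error", str(exc), None))
    return findings

# Constructed sample documents (not taken from the advisory).
CLEAN = (b'<?xml version="1.0" encoding="utf-8"?>'
         b'<UANodeSet><UAObject NodeId="ns=1;i=1"/></UANodeSet>')
SUSPECT = b'''<?xml version="1.0"?>
<!DOCTYPE UANodeSet [ <!ENTITY ext SYSTEM "file:///placeholder/path"> ]>
<UANodeSet><Description>&ext;</Description></UANodeSet>'''

if __name__ == "__main__":
    for label, doc in (("clean", CLEAN), ("suspect", SUSPECT)):
        result = screen_xml(doc)
        print(label, "REJECT" if result else "ok", result)
```

A file that yields any finding should be held back for review rather than opened; an ordinary model file has no need for a DOCTYPE.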

Fix

XXE

Weakness Enumeration

Related Identifiers

BDU:2023-08021
CVE-2023-46590

Affected Products

Siemens Opc Ua Modeling Editor