CVE-2012-4710

Name of the Vulnerable Software and Affected Versions Invensys Wonderware Win-XML Exporter version 1522.148.0.0

Description The issue allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service through CPU and memory consumption. This is achieved via an XML external entity declaration in conjunction with an entity reference.

Recommendations For Invensys Wonderware Win-XML Exporter version 1522.148.0.0, consider disabling XML external entity processing as a temporary workaround until a patch is available. Restrict access to sensitive files and intranet servers to minimize the risk of exploitation.