PT-2014-7857 · Yokogawa Electric · Fast/Tools

Aleksey Osipov

Published

2014-12-06

Updated

2017-09-08

CVE-2014-7251

CVSS v2.0

3.2

Low

Vector

AV:L/AC:L/Au:S/C:P/I:N/A:P

Name of the Vulnerable Software and Affected Versions Yokogawa Electric Corporation FAST/TOOLS versions prior to R9.05-SP2

Description The issue is related to an XML external entity (XXE) vulnerability in the WebHMI server, which can be exploited by local users to cause a denial of service, resulting in CPU or network traffic consumption, or to read arbitrary files.

Recommendations For versions prior to R9.05-SP2, update to version R9.05-SP2 or later to resolve the issue.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2014-7251

Affected Products

Fast/Tools

PT-2014-7857 · Yokogawa Electric · Fast/Tools

CVE-2014-7251

Weakness Enumeration

Related Identifiers

Affected Products

References · 5