PT-2017-17985 · Schneider Electric · Wonderware Historian Client

Andrey Zhukov · Published 2017-05-19 · Updated 2017-07-08 · CVE-2017-7907

CVSS v3.1

6.6 Medium

Vector

AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Schneider Electric Wonderware Historian Client versions 2014 R2 SP1 and prior

Description

An issue with the XML parser configuration was found, which may allow an attacker to cause a denial of service or disclose file contents from a server or connected network by entering malicious input through the application. This is due to an improperly restricted XML parser that allows XML external entity (XXE) references.

Recommendations

For Schneider Electric Wonderware Historian Client versions 2014 R2 SP1 and prior, consider restricting or properly configuring the XML parser to prevent XXE attacks as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XXE

Weakness Enumeration

Related Identifiers

CVE-2017-7907

Affected Products

Wonderware Historian Client