PT-2019-12116 · Mitsubishi · Fr Configurator2
Published: 2019-07-25 · Updated: 2019-10-09 · CVE-2019-10976
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Mitsubishi Electric FR Configurator2 versions 1.16S and prior
Description
The issue occurs when input passed to the XML parser is not properly sanitized while parsing the XML project and/or template file (.frc2). This allows an attacker to read arbitrary files once a user opens the file.
Recommendations
For versions 1.16S and prior, update to a version that includes proper sanitization of input passed to the XML parser to prevent arbitrary file reading.
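Until the update is installed, project files from untrusted sources can be checked for DTD and external entity declarations before they are opened. The following is an added example, not code from the vendor or from this advisory: the function name and the sample documents are constructed, and it assumes only what the description states, namely that a .frc2 file is XML.

```python
from xml.parsers import expat

# Constructed samples; element names are illustrative, not the real .frc2 schema.
CONSTRUCTED_CLEAN = b"<project><name>drive-1</name></project>"
CONSTRUCTED_SUSPECT = (
    b'<!DOCTYPE project [<!ENTITY ext SYSTEM '
    b'"file:///constructed/placeholder.txt">]>'
    b"<project><name>&ext;</name></project>"
)


def scan_project_xml(data: bytes) -> list[str]:
    """Return DTD/entity findings for one project file; empty list = none seen."""
    findings: list[str] = []
    # expat detects the encoding itself (BOM or XML declaration), so a UTF-16
    # file is inspected correctly where a plain byte search would miss it.
    # No ExternalEntityRefHandler is set, so nothing external is fetched.
    parser = expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        findings.append(f"DOCTYPE declared for root '{name}'")
        if system_id or public_id:
            findings.append(f"external DTD subset: {system_id or public_id}")

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        # External entities carry a system/public identifier instead of a value.
        if system_id is not None or public_id is not None:
            kind = "parameter" if is_param else "general"
            findings.append(f"external {kind} entity '{name}' -> {system_id}")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    try:
        parser.Parse(data, True)
    except expat.ExpatError as exc:
        findings.append(f"not well-formed XML: {exc}")
    return findings


if __name__ == "__main__":
    for label, doc in (("clean", CONSTRUCTED_CLEAN), ("suspect", CONSTRUCTED_SUSPECT)):
        print(label, scan_project_xml(doc) or "no DTD or entity declarations")
```

Any finding is a reason to inspect the file by hand before opening it in an affected version.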
Fix
XXE
Affected Products
Fr Configurator2