PT-2022-18509 · Delta Electronics · Delta Robot Automation Studio

Kimiya · Published 2022-08-31 · Updated 2022-09-02 · CVE-2022-2759

CVSS v3.1: 8.6 High

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Delta Electronics Delta Robot Automation Studio (DRAS) versions prior to 1.13.20

Description: The issue arises from improper restrictions in processing XML documents, allowing XML entities with URIs to resolve to documents outside the intended control sphere. This can cause the product to embed incorrect documents into its output, potentially enabling an attacker to view sensitive documents and information on the affected host.

Recommendations: For versions prior to 1.13.20, update to version 1.13.20 or later to resolve the issue. As a temporary workaround, consider restricting access to XML documents that may contain external entities to minimize the risk of exploitation.

Fix

XXE

Weakness Enumeration

Related Identifiers: CVE-2022-2759

Affected Products: Delta Robot Automation Studio