XML External Entity Vulnerability in Schneider Electric SCADA Products
CVE-2013-2796

Currently unrated

Key Information:

Vendor: Schneider Electric
Status: Citectscada; Vijeo Citect; Powerlogic Scada
Vendor: CVE Published:; 9 August 2013

Summary

Schneider Electric products including Vijeo Citect, CitectSCADA, and PowerLogic SCADA versions 7.20 and earlier are prone to an XML External Entity vulnerability. This issue allows remote attackers to interact with sensitive files on the system, leading to unauthorized data exposure or the execution of requests against internal services. Additionally, the vulnerability could facilitate denial of service attacks due to excessive resource consumption, impacting system availability. Users are advised to review the provided references for mitigation strategies.

References

http://www.citect.schneider-electric.com/cs-HF720SP459363

x_refsource_CONFIRM

http://ics-cert.us-cert.gov/advisories/ICSA-13-217-02

x_refsource_MISC

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Aug 9, 2013