Improper XML External Entity Handling in FRENIC RHC Loader by Fujielectric
CVE-2023-29498

5.5MEDIUM

Key Information:

Vendor: FUJI ELECTRIC CO., LTD.
Status: FRENIC RHC Loader
Vendor: CVE Published:; 13 June 2023

🔔 Create FUJI ELECTRIC CO., LTD. Vulnerability Alert

What is CVE-2023-29498?

An improper restriction of XML external entity (XXE) vulnerability exists in FRENIC RHC Loader versions 1.1.0.3 and earlier. This issue arises when a user inadvertently opens a specially crafted project file, which can lead to disclosure of sensitive information from the system where the application is installed. As a result, this poses a significant risk to user data security if exploited by malicious actors.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

FRENIC RHC Loader v1.1.0.3 and earlier

References

https://felib.fujielectric.co.jp/download/details.htm?dat...

https://jvn.jp/en/vu/JVNVU97809354/

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 13, 2023
Vulnerability Reserved
May 11, 2023

JSON

FUJI ELECTRIC CO., LTD.