CVE-2017-7457

XML External Entity via ".AOP" files used by Moxa MX-AOPC Server 1.5 result in remote file disclosure.

CVSS v3.0 5.0 MEDIUM
CVSS v2.0 1.9 LOW

5.0^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector : AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Exploitability : 1.3 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

1.9^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 3.4 / Impact : 2.9

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://seclists.org/fulldisclosure/2017/Apr/51	Third Party Advisory VDB Entry
http://hyp3rlinx.altervista.org/advisories/MOXA-MX-AOPC-SERVER-v1.5-XML-EXTERNAL-ENTITY.txt	Exploit Third Party Advisory
https://www.exploit-db.com/exploits/41852/

Configurations

Configuration 1 (hide)

cpe:2.3:a:moxa:mx-aopc_server:1.5:*:*:*:*:*:*:*

Information

Published : 2017-04-14 07:59

Updated : 2017-08-15 18:29

NVD link : CVE-2017-7457

Mitre link : CVE-2017-7457

JSON object : View

CWE

CWE-611

Improper Restriction of XML External Entity Reference

Products Affected

moxa

mx-aopc_server

5.0 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

1.9 /10

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2017-7457

5.0^/10

1.9^/10

Attach tags to `CVE-2017-7457`