Main Vulnerability Database SB2017050401

SB2017050401 - Improper input validation in Wonderware Historian Client

Published: May 4, 2017

Security Bulletin ID SB2017050401

Severity

Low

Patch available

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper input validation (CVE-ID: CVE-2017-7907)

The vulnerability allows a local attacker to access potentially sensitive information or cause DoS condition on the target system.

The weakness exists due to improper restriction of XML parser. A local attacker can enter malicious input through a specially crafted application, disclose arbitrary files from the local file system to a malicious web site or cause the trend display to crash.

Successful exploitation may result in information disclosure or denial of service.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://ics-cert.us-cert.gov/advisories/ICSA-17-122-01