Improper input validation in Wonderware Historian Client - CVE-2017-7907
Published: May 4, 2017
Vulnerability identifier: #VU6402
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-7907
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: AVEVA Software, LLC.
Affected software:
Wonderware Historian Client
Detailed vulnerability description
The vulnerability allows a local attacker to access potentially sensitive information or cause a DoS condition on the target system.
The weakness exists due to improper restriction of the XML parser. A local attacker can supply malicious input through a specially crafted application to disclose arbitrary files from the local file system to a malicious web site or cause the trend display to crash.
Successful exploitation may result in information disclosure or denial of service.
How to mitigate CVE-2017-7907
Install the update from the vendor's website.