XML External Entity (XXE) Vulnerability in Invensys Wonderware Win-XML Exporter 1522.148.0.0

XML External Entity (XXE) Vulnerability in Invensys Wonderware Win-XML Exporter 1522.148.0.0

CVE-2012-4710 · HIGH Severity

AV:N/AC:M/AU:N/C:C/I:C/A:C

Invensys Wonderware Win-XML Exporter 1522.148.0.0 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference.

Learn more about our Cis Benchmark Audit For Server Software.