Siemens OPC UA Modelling Editor (SiOME) XML External Entity (XXE) Injection Vulnerability

Siemens OPC UA Modelling Editor (SiOME) XML External Entity (XXE) Injection Vulnerability

CVE-2023-46590 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

A vulnerability has been identified in Siemens OPC UA Modelling Editor (SiOME) (All versions < V2.8). Affected products suffer from a XML external entity (XXE) injection vulnerability. This vulnerability could allow an attacker to interfere with an application's processing of XML data and read arbitrary files in the system.

Learn more about our External Network Penetration Testing.