Vulnerability Details CVE-2014-7251
XML external entity (XXE) vulnerability in the WebHMI server in Yokogawa Electric Corporation FAST/TOOLS before R9.05-SP2 allows local users to cause a denial of service (CPU or network traffic consumption) or read arbitrary files via unspecified vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 23.5%
CVSS Severity
CVSS v2 Score 3.2
References
- http://jvn.jp/en/jp/JVN54775800/index.html
- http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000141.html
- http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0004E.pdf
- https://exchange.xforce.ibmcloud.com/vulnerabilities/99018
- http://jvn.jp/en/jp/JVN54775800/index.html
- http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000141.html
- http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0004E.pdf
- https://exchange.xforce.ibmcloud.com/vulnerabilities/99018
Products affected by CVE-2014-7251
-
cpe:2.3:a:yokogawa:fast/tools:r9.01
-
cpe:2.3:a:yokogawa:fast/tools:r9.02
-
cpe:2.3:a:yokogawa:fast/tools:r9.03
-
cpe:2.3:a:yokogawa:fast/tools:r9.04
-
cpe:2.3:a:yokogawa:fast/tools:r9.05