Vulnerability Details CVE-2020-14478
A local, authenticated attacker could use an XML External Entity (XXE) attack to exploit weakly configured XML files to access local or remote content. A successful exploit could potentially cause a denial-of-service condition and allow the attacker to arbitrarily read any local file via system-level services.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 28.1%
CVSS Severity
CVSS v3 Score 7.1
CVSS v2 Score 5.6
References
Products affected by CVE-2020-14478
-
cpe:2.3:a:rockwellautomation:factorytalk_services_platform:-
-
cpe:2.3:a:rockwellautomation:factorytalk_services_platform:2.51.00.8
-
cpe:2.3:a:rockwellautomation:factorytalk_services_platform:2.61
-
cpe:2.3:a:rockwellautomation:factorytalk_services_platform:2.71
-
cpe:2.3:a:rockwellautomation:factorytalk_services_platform:2.73
-
cpe:2.3:a:rockwellautomation:factorytalk_services_platform:2.74
-
cpe:2.3:a:rockwellautomation:factorytalk_services_platform:2.80
-
cpe:2.3:a:rockwellautomation:factorytalk_services_platform:2.90
-
cpe:2.3:a:rockwellautomation:factorytalk_services_platform:6.10.00
-
cpe:2.3:a:rockwellautomation:factorytalk_services_platform:6.11.00