Vulnerability Details CVE-2022-0221
A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could result in information disclosure when opening a malicious solution file provided by an attacker with SCADAPack Workbench. This could be exploited to pass data from local files to a remote system controlled by an attacker. Affected Product: SCADAPack Workbench (6.6.8a and prior)
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 45.8%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 4.3
References
Products affected by CVE-2022-0221
-
cpe:2.3:a:schneider-electric:scadapack_workbench:-
-
cpe:2.3:a:schneider-electric:scadapack_workbench:6.6.8a