Vulnerability Details CVE-2023-2161
A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that
could cause unauthorized read access to the file system when a malicious configuration file is
loaded on to the software by a local user.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 7.8%
CVSS Severity
CVSS v3 Score 5.0
References
Products affected by CVE-2023-2161
-
cpe:2.3:a:schneider-electric:opc_factory_server:3.34
-
cpe:2.3:a:schneider-electric:opc_factory_server:3.35
-
cpe:2.3:a:schneider-electric:opc_factory_server:3.5
-
cpe:2.3:a:schneider-electric:opc_factory_server:3.5.0
-
cpe:2.3:a:schneider-electric:opc_factory_server:3.50
-
cpe:2.3:a:schneider-electric:opc_factory_server:3.60
-
cpe:2.3:a:schneider-electric:opc_factory_server:3.61
-
cpe:2.3:a:schneider-electric:opc_factory_server:3.62
-
cpe:2.3:a:schneider-electric:opc_factory_server:3.63